Ensure that encryption is enabled for your AWS DocumentDB (with MongoDB compatibility) clusters for additional data security and in order to meet compliance requirements for data-at-rest encryption. The encrypted data includes your DocumentDB cluster's data, indexes, logs, replicas and snapshots. DocumentDB service handles data encryption and decryption transparently, with minimal impact on cluster performance.
The encryption feature available for Amazon DocumentDB clusters provides an additional layer of data protection by helping secure your data against unauthorized access to the underlying storage.
To determine if your AWS DocumentDB clusters have data-at-rest encryption enabled, perform the following actions:
To enable data-at-rest encryption for your existing Amazon DocumentDB clusters, perform the following actions: