Ensure that your AWS DAX cluster data at rest (i.e. data in cache, configuration data and log files) is encrypted using Server-Side Encryption in order to protect it from unauthorized access to the underlying storage and meet compliance requirements. DAX Server-Side Encryption automatically integrates with AWS Key Management Service (KMS) for managing the default key that is used to encrypt your DAX cache clusters. The encryption and decryption process adds no storage overhead, has minimal impact on performance and is completely transparent – you don't need to modify your applications to use SSE.
This rule can help you with the following compliance standards:
- Payment Card Industry Data Security Standard (PCI DSS)
- Health Insurance Portability and Accountability Act (HIPAA)
- General Data Protection Regulation (GDPR)
- APRA
- MAS
- NIST 800-53 (Rev. 4)
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
When encryption at rest is enabled for your Amazon DAX cache clusters, you can use the service for security-sensitive DynamoDB applications with stringent data protection requirements imposed by organizational policies or by industry or government regulations.
Audit
To determine if encryption at rest is enabled for your Amazon DynamoDB Accelerator (DAX) clusters, perform the following actions:
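One way to run this check against the JSON returned by `aws dax describe-clusters`, as an added example (not Cloud Conformity's own audit steps). The cluster names are constructed, and treating a missing `SSEDescription` field as "not encrypted" is an assumption of this example.

```python
import json
import sys

# Constructed sample in the shape returned by `aws dax describe-clusters`
# (cluster names are made up for illustration).
SAMPLE_RESPONSE = {
    "Clusters": [
        {"ClusterName": "orders-cache", "Status": "available",
         "SSEDescription": {"Status": "ENABLED"}},
        {"ClusterName": "sessions-cache", "Status": "available",
         "SSEDescription": {"Status": "DISABLED"}},
        # Assumption: a cluster record without SSEDescription is not encrypted.
        {"ClusterName": "legacy-cache", "Status": "available"},
        {"ClusterName": "new-cache", "Status": "creating",
         "SSEDescription": {"Status": "ENABLING"}},
    ]
}


def sse_status(cluster):
    """Return the cluster's SSE status, or "DISABLED" if the field is absent."""
    return (cluster.get("SSEDescription") or {}).get("Status", "DISABLED")


def audit_dax_encryption(response):
    """Split clusters into compliant, pending and non-compliant name lists."""
    report = {"compliant": [], "pending": [], "non_compliant": []}
    for cluster in response.get("Clusters", []):
        status = sse_status(cluster)
        if status == "ENABLED":
            bucket = "compliant"
        elif status == "ENABLING":
            bucket = "pending"        # re-check once the cluster is available
        else:                         # DISABLED, DISABLING, or missing
            bucket = "non_compliant"
        report[bucket].append(cluster.get("ClusterName", "<unnamed>"))
    return report


if __name__ == "__main__":
    # Usage: aws dax describe-clusters --output json | python audit_dax_sse.py
    data = SAMPLE_RESPONSE if sys.stdin.isatty() else json.load(sys.stdin)
    result = audit_dax_encryption(data)
    for name in result["non_compliant"]:
        print(f"FAIL {name}: encryption at rest is not enabled")
    sys.exit(1 if result["non_compliant"] else 0)
```

Run it once per region in use; the non-zero exit code on any failing cluster lets the check gate a CI job or scheduled compliance run.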
Remediation / Resolution
To enable Server-Side Encryption (SSE) for an existing Amazon DAX cache cluster, you need to re-create that cluster with the necessary encryption configuration. To launch a new Amazon DynamoDB Accelerator cluster and enable SSE, perform the following actions:
You are auditing:
Cluster Encryption
Risk level: High