Ensure that encryption is enabled for your AWS DocumentDB (with MongoDB compatibility) clusters for additional data security and to meet compliance requirements for data-at-rest encryption. The encrypted data includes your DocumentDB cluster's data, indexes, logs, replicas and snapshots. The DocumentDB service handles data encryption and decryption transparently, with minimal impact on cluster performance.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
The encryption feature available for Amazon DocumentDB clusters provides an additional layer of data protection by helping secure your data against unauthorized access to the underlying storage.
To determine if your AWS DocumentDB clusters have data-at-rest encryption enabled, perform the following actions:
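One way to run this check in Python, added here as an example and not taken from the original page or the Cloud Conformity tool: it reads the `StorageEncrypted` field of each cluster in a `describe-db-clusters` response. The sample response, cluster names and key ARN are constructed, and `fetch_clusters` is a hypothetical helper that assumes boto3 and configured AWS credentials.

```python
import json

# Constructed sample shaped like the output of
# `aws docdb describe-db-clusters` (names and key ARN are placeholders).
SAMPLE_RESPONSE = json.loads("""
{"DBClusters": [
  {"DBClusterIdentifier": "docdb-orders", "Engine": "docdb",
   "StorageEncrypted": true,
   "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
  {"DBClusterIdentifier": "docdb-legacy", "Engine": "docdb",
   "StorageEncrypted": false},
  {"DBClusterIdentifier": "docdb-nofield", "Engine": "docdb"},
  {"DBClusterIdentifier": "aurora-app", "Engine": "aurora-mysql",
   "StorageEncrypted": false}
]}
""")

def audit_docdb_encryption(response):
    """Return (encrypted, unencrypted) lists for DocumentDB clusters only."""
    encrypted, unencrypted = [], []
    for cluster in response.get("DBClusters", []):
        # The cluster API is shared with Amazon RDS and Neptune, so skip
        # anything whose engine is not DocumentDB.
        if cluster.get("Engine") != "docdb":
            continue
        name = cluster["DBClusterIdentifier"]
        # Treat a missing StorageEncrypted field as not encrypted (fail closed).
        if cluster.get("StorageEncrypted") is True:
            encrypted.append((name, cluster.get("KmsKeyId")))
        else:
            unencrypted.append(name)
    return encrypted, unencrypted

def fetch_clusters(region):
    """Live variant (hypothetical helper): needs boto3 and AWS credentials."""
    import boto3
    client = boto3.client("docdb", region_name=region)
    clusters = []
    for page in client.get_paginator("describe_db_clusters").paginate():
        clusters.extend(page["DBClusters"])
    return {"DBClusters": clusters}

if __name__ == "__main__":
    enc, unenc = audit_docdb_encryption(SAMPLE_RESPONSE)
    for name, key in enc:
        print(f"OK    {name} encrypted with {key}")
    for name in unenc:
        print(f"FAIL  {name} has no data-at-rest encryption")
```

To audit a live account, pass the result of `fetch_clusters("<region>")` to `audit_docdb_encryption` for each region in use.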
To enable data-at-rest encryption for your existing Amazon DocumentDB clusters, perform the following actions: