AWS-DocumentDB-cluster-snapshots-encrypted
Severity: Low
Description: This control ensures that all DocumentDB cluster snapshots (manual or automatic) are encrypted in order to keep the data in the snapshots secure. All database snapshots on AWS should be encrypted to keep customer data secure from unauthorized access. An unencrypted snapshot can be restored to view the data stored in the DB cluster.
Remediation Steps:
Perform the following steps to update DocumentDB cluster snapshot encryption:
1. Log in to the AWS Management Console at https://console.aws.amazon.com.
2. Navigate to the DocumentDB console.
3. In the navigation pane, click Snapshots.
4. Select the snapshot to encrypt, then click the Actions button.
5. Under Actions, choose Copy Snapshot.
6. Choose your Destination Region, and then enter your New DB Snapshot Identifier.
7. Select Copy Tags if needed.
8. Under Encryption, select Enable Encryption.
9. Select your Master Key from the list, and then choose Copy Snapshot.
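The same copy-with-encryption procedure can be scripted. The following is an added example, not part of the original control text: it uses the boto3 docdb client to list cluster snapshots, pick out the unencrypted DocumentDB ones, and build the encrypted-copy requests. The helper names, the "-encrypted" suffix and the sample records are assumptions made for illustration.

```python
import re

# Constructed sample of describe_db_cluster_snapshots records, for offline checks.
SAMPLE = [
    {"DBClusterSnapshotIdentifier": "rds:orders-2024-01-01-00-00", "Engine": "docdb",
     "Status": "available", "StorageEncrypted": False},
    {"DBClusterSnapshotIdentifier": "orders-manual", "Engine": "docdb",
     "Status": "available", "StorageEncrypted": True},
]

def unencrypted_docdb_snapshots(snapshots):
    """Return available DocumentDB cluster snapshots that are not encrypted."""
    # The API is shared with other cluster engines, so filter on Engine as well.
    return [s for s in snapshots
            if s.get("Engine") == "docdb" and s.get("Status") == "available"
            and not s.get("StorageEncrypted", False)]

def target_identifier(source_id, suffix="-encrypted"):
    """Derive a valid identifier for the copy (letters, digits, single hyphens)."""
    # Automated snapshots are named like "rds:<cluster>-<timestamp>"; ":" is not
    # allowed in a target identifier, so normalise it (naming scheme is assumed).
    base = re.sub(r"[^A-Za-z0-9]+", "-", source_id).strip("-")
    if not base[:1].isalpha():
        base = "snap-" + base
    return base[: 63 - len(suffix)].rstrip("-") + suffix

def copy_requests(snapshots, kms_key_id):
    """Build copy_db_cluster_snapshot keyword arguments for each finding."""
    return [{"SourceDBClusterSnapshotIdentifier": s["DBClusterSnapshotIdentifier"],
             "TargetDBClusterSnapshotIdentifier":
                 target_identifier(s["DBClusterSnapshotIdentifier"]),
             "KmsKeyId": kms_key_id,
             "CopyTags": True}
            for s in unencrypted_docdb_snapshots(snapshots)]

def remediate(region, kms_key_id, dry_run=True):
    """List unencrypted snapshots in a region; copy them encrypted unless dry_run."""
    import boto3  # imported here so the helpers above work without AWS access
    client = boto3.client("docdb", region_name=region)
    snapshots = []
    for page in client.get_paginator("describe_db_cluster_snapshots").paginate():
        snapshots.extend(page["DBClusterSnapshots"])
    requests = copy_requests(snapshots, kms_key_id)
    if not dry_run:
        for req in requests:
            client.copy_db_cluster_snapshot(**req)
    return requests
```

Run remediate() with dry_run=True first to review the planned copies. The copy is a new snapshot; the unencrypted source snapshot still exists afterwards.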
Important:
Reference:
https://docs.aws.amazon.com/documentdb/latest/developerguide/what-is.html
https://docs.aws.amazon.com/cli/latest/reference/docdb/copy-db-cluster-snapshot.html
Blue Hexagon Proprietary