DocumentDB storage must be encrypted
| Property | |
|---|---|
| Language | |
| Severity | |
| Service | documentdb |
| Provider | AWS |
| Vulnerability Type | omission |
Description
The DocumentDB cluster is configured without storage encryption, leaving data at rest unprotected. Sensitive information on the underlying disks remains readable if physical storage is compromised.
Impact
If exploited, attackers or unauthorized parties with access to the physical storage could retrieve unencrypted database contents, leading to data breaches of sensitive information and possible regulatory violations.
Resolution
Enable storage encryption