DAX Cluster should always encrypt data at rest
| Property | |
|---|---|
| Language |  |
| Severity |  |
| Service | dynamodb |
| Provider | AWS |
| Vulnerability Type | omission |
Description#
The DAX cluster is configured without encryption at rest, meaning data stored on the underlying storage is not protected against unauthorized access. This leaves sensitive cache data exposed if the storage medium is accessed directly.
Impact#
If the cluster storage is compromised, an attacker could read all cached data in plaintext, leading to potential data breaches, exposure of sensitive information, and non-compliance with data protection regulations.
Resolution#
Enable encryption at rest for DAX Cluster