01 - DocumentDB Encrypted

Ensure DocumentDB has Encryption Enabled

DocumentDB is amazon’s offering for a document store that closely resembles MongoDB as many libraries for Mongo work directly with DocumentDB. Since DocumentDB is a No SQL database, sensitive data could be stored with-in this database. It is for this reason why encrypting your clusters is a security best practice and will help you with NIST, GDPR, HIPPA & PCI-DSS compliance.

Audit & Remediation

Login into your AWS account
Navigate to the EC2 service at: https://console.aws.amazon.com/docdb
On the DocumentDB main page, expand the left panel and navigate to Clusters.

Select the cluster name of interest in order to navigate to information specific to this cluster.
In the main panel, select the Configuration tab.
On the right side of the configuration panel, look for Encryption-at-rest just under Security and network.

If Encryption-at-rest is currently set to No, then encryption is not enabled.
At the top of the screen at the breadcrumbs, select Clusters to navigate back to the clusters screen.

Select the Actions button and then select Take snapshot.

Now in the left panel navigate to Snapshots.
Select the snapshot that you created in the previous steps and then in the top right corner, under the Actions button, select Restore.
Under Configuration evaluate the Number of Instances as this defaults to 3 and might not reflect what you had set previously.
Select Show advanced settings in order to locate the encryption settings.

Under the Advanced settings, locate the Encryption-at-rest settings.
Select Enable encryption in this window

Repeat these steps outlined for each DocumentDB cluster that you have.
Repeat these steps outlined for each Region that you are using.
Repeat these steps outlined for each account that you have.

See all of your AWS EC2 Instances in a single place!

Do you want to see all of your AWS EC2 Instances in once place for all regions and all accounts?
Login to our online demo to see exactly what this looks like.
demo.intelligentdiscovery.io

Other Key Features

Inventory

Consolidate your inventory management with consistent and frequent security logs, inventories, and change logs. Dashboard reporting for extensive analytical value.

learn more +

Cost & Usage

Access consolidated capacity, cost, and volume tools in a scaling environment without impacting production or breaking the bank.