DAX cluster and tables encryption should be enabled
Severity | Exploitability | Providers | Categories |
---|---|---|---|
HIGH | HIGH | AWS | DATA, PERMISSION |
Description
Amazon DynamoDB Accelerator (DAX) is an in-memory cache for Amazon DynamoDB. When it receives a request, it checks its cache for the item and, if the item is not found, forwards the request to DynamoDB. The data should always be encrypted at rest so that it remains protected if access is compromised.
Impact
Potential data exposure | Visible in logs | User interaction required | Privileges required |
---|---|---|---|
True | False | False | True |
Not encrypting data at rest could lead to a data leak in the event of an attack.
Remediation guidelines
Enable DAX data encryption at rest.
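One way to check this rule against an account is shown below. This is an added example, not code from this rule's provider: it classifies each cluster in a DAX DescribeClusters response by its `SSEDescription.Status` field. The sample response, cluster names and ARNs are constructed, and treating a missing `SSEDescription` block as unencrypted is an assumption.

```python
import json

# Constructed sample shaped like the DAX DescribeClusters response
# (for example the output of `aws dax describe-clusters`); all values are made up.
SAMPLE_RESPONSE = json.loads("""
{"Clusters": [
  {"ClusterName": "orders-cache",
   "ClusterArn": "arn:aws:dax:us-east-1:111122223333:cache/orders-cache",
   "SSEDescription": {"Status": "ENABLED"}},
  {"ClusterName": "legacy-cache",
   "ClusterArn": "arn:aws:dax:us-east-1:111122223333:cache/legacy-cache",
   "SSEDescription": {"Status": "DISABLED"}},
  {"ClusterName": "old-cache",
   "ClusterArn": "arn:aws:dax:us-east-1:111122223333:cache/old-cache"},
  {"ClusterName": "new-cache",
   "ClusterArn": "arn:aws:dax:us-east-1:111122223333:cache/new-cache",
   "SSEDescription": {"Status": "ENABLING"}}
]}
""")


def sse_verdict(cluster):
    """Classify one cluster record as PASS, PENDING or FAIL."""
    # Assumption: a missing or null SSEDescription means no encryption at rest.
    status = (cluster.get("SSEDescription") or {}).get("Status", "DISABLED")
    if status == "ENABLED":
        return "PASS"
    if status == "ENABLING":
        return "PENDING"  # re-check once the cluster finishes provisioning
    return "FAIL"  # DISABLED or DISABLING


def audit_dax_clusters(response):
    """Return {cluster name: verdict} for every cluster in the response."""
    return {c["ClusterName"]: sse_verdict(c) for c in response.get("Clusters", [])}


def failing_clusters(response):
    """Sorted names of clusters that violate the rule."""
    return sorted(n for n, v in audit_dax_clusters(response).items() if v == "FAIL")


if __name__ == "__main__":
    for name, verdict in audit_dax_clusters(SAMPLE_RESPONSE).items():
        print(f"{verdict:8} {name}")
```

DAX encryption at rest can only be chosen when a cluster is created, so each cluster reported as FAIL has to be replaced by a new cluster created with encryption enabled.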