Control: AWS DocumentDB clusters should be encrypted at rest
Description
This control checks whether an AWS DocumentDB cluster is encrypted at rest. The control fails if an AWS DocumentDB cluster isn't encrypted at rest.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.docdb_cluster_encryption_at_rest_enabledSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.docdb_cluster_encryption_at_rest_enabled --shareSQL
This control uses a named query:
select arn as resource, case when storage_encrypted then 'ok' else 'alarm' end as status, case when storage_encrypted then title || ' encrypted at rest.' else title || ' not encrypted at rest.' end as reason , region, account_idfrom aws_docdb_cluster;