Control: DocumentDB instance should be encrypted at rest
Description
This control checks whether an DocumentDB instance is encrypted at rest. The control fails if an DocumentDB instance isn't encrypted at rest.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.docdb_cluster_instance_encryption_at_rest_enabledSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.docdb_cluster_instance_encryption_at_rest_enabled --shareSQL
This control uses a named query:
select db_instance_arn as resource, case when storage_encrypted then 'ok' else 'alarm' end as status, case when storage_encrypted then title || ' encrypted at rest.' else title || ' not encrypted at rest.' end as reason , region, account_idfrom aws_docdb_cluster_instance;