AWS DocumentDB Best Practice

Best practice rules for Amazon DocumentDB

• DocumentDB Clusters Encrypted with KMS CMKs

  Ensure AWS DocumentDB clusters are encrypted with KMS Customer Master Keys.

• DocumentDB Encryption Enabled

  Enable encryption at rest for AWS DocumentDB clusters.

• DocumentDB Sufficient Backup Retention Period

  Ensure that Amazon DocumentDB clusters have set a minimum backup retention period.

• Enable Amazon DocumentDB Deletion Protection

  Ensure that Deletion Protection feature is enabled for your DocumentDB database clusters.

• Enable DocumentDB Profiler

  Ensure that the Profiler feature is enabled for your DocumentDB database clusters.

• Log Exports

  Enable AWS DocumentDB Log Exports.

• Rotate SSL/TLS Certificates for DocumentDB Cluster Instances

  Ensure that SSL/TLS certificates for DocumentDB database instances are rotated according to the AWS schedule.