Best practice rules for Amazon DocumentDB
Trend Micro Cloud One™ – Conformity monitors Amazon DocumentDB with the following rules:
- DocumentDB Clusters Encrypted with KMS CMKs
Ensure AWS DocumentDB clusters are encrypted with KMS Customer Master Keys.
- DocumentDB Encryption Enabled
Enable encryption at rest for AWS DocumentDB clusters.
- DocumentDB Sufficient Backup Retention Period
Ensure that Amazon DocumentDB clusters have a minimum backup retention period set.
- Enable Amazon DocumentDB Deletion Protection
Ensure that the Deletion Protection feature is enabled for your DocumentDB database clusters.
- Enable DocumentDB Profiler
Ensure that the Profiler feature is enabled for your DocumentDB database clusters.
- Log Exports
Enable AWS DocumentDB Log Exports.
- Rotate SSL/TLS Certificates for DocumentDB Cluster Instances
Ensure that SSL/TLS certificates for DocumentDB database instances are rotated according to the AWS schedule.