.png?fit=max&auto=format&n=tsMQJyneJ1xquFUo&q=85&s=4d401cc03b547d99b6f75a6bd170c334){kind=spacer}
Checks that AWS ECR container repositories are encrypted at rest.Documentation Index
Fetch the complete documentation index at: https://help.dsalta.com/llms.txt
Use this file to discover all available pages before exploring further.
Why This Matters
Unencrypted data at rest is vulnerable to unauthorized access if storage media is compromised, improperly decommissioned, or accessed by unauthorized personnel. Encryption at rest is a baseline requirement for SOC 2 (CC6.1), ISO 27001 (A.10.1.1), HIPAA, and PCI DSS.What DSALTA Checks
DSALTA connects to your Amazon Web Services (AWS) environment using read-only API access and evaluates this configuration on every sync cycle. The test result appears in your Data Library → Tests dashboard:- Passing — The configuration meets requirements. No action needed.
- Failing — The configuration does not meet requirements. Follow the remediation steps below.
- Not configured — The integration is connected but the required service or feature has not been set up yet.
How to Fix
If this test is failing, follow these steps to remediate:- Sign in to the AWS Management Console and navigate to the relevant service (e.g., RDS, S3, EBS, DynamoDB).
- Select the resource that requires encryption.
- For new resources, enable Encryption at rest during creation and select your KMS key.
- For existing unencrypted resources, you typically need to create an encrypted copy and migrate:
- RDS: Create a snapshot → Copy snapshot with encryption → Restore from encrypted snapshot.
- EBS: Create a snapshot → Copy snapshot with encryption → Create new volume from encrypted snapshot.
- S3: Enable default encryption on the bucket (SSE-S3 or SSE-KMS).
- DynamoDB: Encryption is enabled by default on new tables. For existing tables, update the encryption settings.
- Verify encryption is active in the resource’s configuration panel.
- Once configured, DSALTA will detect the change on the next sync cycle and update the test status to Passing.
Frequently Asked Questions
How often does this test run?
How often does this test run?
This test runs automatically every 24 hours when the Amazon Web Services (AWS) integration is connected. You can trigger a manual sync at any time from the integration settings page.
What happens if this test fails?
What happens if this test fails?
A failing test generates an alert in your DSALTA dashboard. The assigned responsible role receives a notification. Remediate the issue before it affects your compliance posture.
Can I exclude this test?
Can I exclude this test?
Yes. If this test does not apply to your environment, you can mark it as Not Applicable with a justification. This exclusion is documented for auditors.
Does DSALTA modify my Amazon Web Services (AWS) configuration?
Does DSALTA modify my Amazon Web Services (AWS) configuration?
No. DSALTA uses read-only API access and never modifies, creates, or deletes resources in your environment. Remediation actions must be performed by your team directly in Amazon Web Services (AWS).