Severity: Medium | Service: DMS | Scope: Regional

DMS endpoints should have SSL enabled

NIST 800-53, PCI DSS v4.0.1, PCI DSS v4.2.1, ISO 27001, HIPAA

Description

This control checks whether an AWS DMS endpoint uses an SSL connection. The control fails if the endpoint's SSL mode is 'none'. SSL/TLS encrypts the connection between the DMS replication instance and your database, so data in flight cannot be read by anyone on the network path. Using certificates adds a second layer: the client validates that it is talking to the expected database by checking the server certificate that is automatically installed on every database instance you provision. Enabling SSL on your DMS endpoints therefore protects the confidentiality of the data while it is being migrated.


Remediation

Enable SSL connections for your DMS endpoints to encrypt data in transit during database migration.

Steps

  1. Navigate to the AWS DMS console
  2. Go to the Endpoints section
  3. Select the endpoint that needs SSL enabled
  4. Modify the endpoint configuration
  5. In the 'SSL mode' section, select an SSL mode other than 'none'
  6. Choose the appropriate SSL mode: 'require', 'verify-ca', or 'verify-full'
  7. Configure an SSL certificate if the chosen mode requires one
  8. Save the configuration changes
  9. Verify that SSL is now enabled for the endpoint
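To verify the result of these steps across many endpoints at once, the following added example (not part of the original page or of any scanner's own code) evaluates DMS endpoint records the way this control does, with a live `scan_region` that assumes boto3 and read-only AWS credentials; the WARN branch for 'verify-*' modes without an attached certificate and the sample records are this example's own additions.

```python
"""Flag AWS DMS endpoints whose SSL mode is 'none' (added example, not the page's own code)."""
from typing import Iterable

# Any mode other than 'none' passes the control. 'require' only encrypts;
# 'verify-ca' / 'verify-full' also validate the server certificate, which
# needs a CA certificate attached to the endpoint (CertificateArn).
PASSING_MODES = {"require", "verify-ca", "verify-full"}
MODES_NEEDING_CA = {"verify-ca", "verify-full"}


def evaluate_endpoint(endpoint: dict) -> dict:
    """Evaluate one record shaped like dms.describe_endpoints()['Endpoints'][i].

    A missing SslMode is treated as 'none', the DMS default.
    """
    mode = (endpoint.get("SslMode") or "none").lower()
    finding = {"endpoint": endpoint.get("EndpointIdentifier", "<unknown>"),
               "ssl_mode": mode, "status": "PASS", "detail": ""}
    if mode not in PASSING_MODES:
        finding["status"] = "FAIL"
        finding["detail"] = "SSL mode is 'none': database traffic is unencrypted"
    elif mode in MODES_NEEDING_CA and not endpoint.get("CertificateArn"):
        # Encrypted, but the server's identity cannot be validated without a CA.
        finding["status"] = "WARN"
        finding["detail"] = f"{mode} selected but no CertificateArn is attached"
    return finding


def evaluate_endpoints(endpoints: Iterable[dict]) -> list:
    return [evaluate_endpoint(e) for e in endpoints]


def scan_region(region: str) -> list:
    """Live check for one region; needs boto3 and AWS credentials (read-only)."""
    import boto3  # imported here so the pure functions above run without it
    dms = boto3.client("dms", region_name=region)
    pages = dms.get_paginator("describe_endpoints").paginate()
    return evaluate_endpoints(e for page in pages for e in page["Endpoints"])


# Constructed sample records (not real endpoints) covering each outcome.
SAMPLE_ENDPOINTS = [
    {"EndpointIdentifier": "src-oracle", "SslMode": "none"},
    {"EndpointIdentifier": "tgt-postgres", "SslMode": "require"},
    {"EndpointIdentifier": "tgt-mysql", "SslMode": "verify-full",
     "CertificateArn": "arn:aws:dms:REGION:ACCOUNT:cert:PLACEHOLDER"},
    {"EndpointIdentifier": "src-mariadb", "SslMode": "verify-ca"},
]

if __name__ == "__main__":
    for f in evaluate_endpoints(SAMPLE_ENDPOINTS):
        print(f"{f['status']:4} {f['endpoint']:13} ssl_mode={f['ssl_mode']} {f['detail']}")
```

Endpoints reported as FAIL are the ones to fix with the console steps above (or `modify_endpoint` with `SslMode` and, for the 'verify-*' modes, `CertificateArn`).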

Compliance

NIST 800-53, PCI DSS v4.0.1, PCI DSS v4.2.1, ISO 27001, HIPAA