Ensure that encryption is enabled for RDS Instances
Amazon RDS encrypted DB instances use the industry-standard AES-256 algorithm to encrypt data at rest on the server that hosts the DB instance; the encryption covers the underlying storage as well as automated backups, read replicas and snapshots. Once enabled, Amazon RDS handles access authentication and decryption transparently, with minimal impact on performance. Encryption at rest is chosen when the instance is created (the StorageEncrypted property) and cannot be switched on afterwards: an existing unencrypted instance has to be migrated by copying a snapshot with encryption enabled and restoring from that copy. This setting protects data at rest only; connections to the database are protected separately by TLS.
Risk Level: High
Cloud Entity: Amazon RDS
CloudGuard Rule ID: D9.CFT.CRY.02
Covered by Spectral: Yes
Category: Database
GSL LOGIC
AWS_RDS_DBInstance should have StorageEncrypted=true
REMEDIATION
From CFT
Set the AWS::RDS::DBInstance StorageEncrypted property to true. Optionally set KmsKeyId to a customer managed KMS key; otherwise the AWS managed RDS key is used. For Aurora, encryption is configured on the AWS::RDS::DBCluster resource and inherited by its instances. StorageEncrypted can only be chosen at creation, so changing it on an already-deployed instance causes CloudFormation to replace the instance; migrate existing data through an encrypted snapshot copy before switching the property.
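The following is an added example, not part of the CloudGuard rule documentation or of CloudGuard's own engine. It implements the GSL logic above as a static check over a CloudFormation template in JSON form and applies the remediation to every flagged resource. The template embedded in the script is constructed for the example; the logical IDs (GoodDb, BadDb, MissingDb, ParamDb, DbKey) and the parameter name EncryptAtRest are assumptions. It also goes slightly beyond the rule text by resolving a StorageEncrypted value that is a Ref to a template parameter through that parameter's Default, which is what a scanner has to do to avoid a false pass on parameterised templates.

```python
"""Static check for rule D9.CFT.CRY.02 over a CloudFormation template (JSON):
every AWS::RDS::DBInstance must have StorageEncrypted set to true.
The template below is constructed for this example, not taken from a real stack."""
import copy
import json

SAMPLE_TEMPLATE = json.loads(r'''
{
  "Parameters": {
    "EncryptAtRest": {"Type": "String", "Default": "false",
                      "AllowedValues": ["true", "false"]}
  },
  "Resources": {
    "GoodDb": {"Type": "AWS::RDS::DBInstance",
               "Properties": {"Engine": "postgres", "DBInstanceClass": "db.t3.micro",
                              "AllocatedStorage": "20", "StorageEncrypted": true,
                              "KmsKeyId": {"Ref": "DbKey"}}},
    "BadDb": {"Type": "AWS::RDS::DBInstance",
              "Properties": {"Engine": "mysql", "DBInstanceClass": "db.t3.micro",
                             "AllocatedStorage": "20", "StorageEncrypted": false}},
    "MissingDb": {"Type": "AWS::RDS::DBInstance",
                  "Properties": {"Engine": "mysql", "DBInstanceClass": "db.t3.micro",
                                 "AllocatedStorage": "20"}},
    "ParamDb": {"Type": "AWS::RDS::DBInstance",
                "Properties": {"Engine": "mysql", "DBInstanceClass": "db.t3.micro",
                               "AllocatedStorage": "20",
                               "StorageEncrypted": {"Ref": "EncryptAtRest"}}},
    "DbKey": {"Type": "AWS::KMS::Key", "Properties": {"Description": "rds key"}},
    "Bucket": {"Type": "AWS::S3::Bucket"}
  }
}
''')


def _resolve(value, template):
    """Resolve a StorageEncrypted value to True, False or None (undecidable).
    CloudFormation accepts both a JSON boolean and the string "true"; a Ref to a
    Parameter is resolved through the parameter's Default, which is the value the
    stack gets when the deployer does not override it."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str):
        return value.lower() == "true"
    if isinstance(value, dict) and "Ref" in value:
        param = template.get("Parameters", {}).get(value["Ref"], {})
        default = param.get("Default")
        return None if default is None else str(default).lower() == "true"
    return None  # other intrinsic functions: cannot be decided statically


def find_unencrypted_db_instances(template):
    """Return {logical_id: reason} for every DBInstance that fails the rule."""
    findings = {}
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::RDS::DBInstance":
            continue
        props = res.get("Properties", {})
        if "StorageEncrypted" not in props:
            findings[name] = "StorageEncrypted missing; the rule requires an explicit true"
            continue
        resolved = _resolve(props["StorageEncrypted"], template)
        if resolved is True:
            continue
        if resolved is None:
            findings[name] = "StorageEncrypted not statically resolvable"
        else:
            findings[name] = "StorageEncrypted resolves to false"
    return findings


def remediate(template, kms_key_id=None):
    """Return a copy of the template with StorageEncrypted=true on every flagged
    instance (plus KmsKeyId when one is given).  This only helps instances the
    stack has not created yet: an existing unencrypted instance cannot be
    encrypted in place and must be migrated via an encrypted snapshot copy."""
    fixed = copy.deepcopy(template)
    for name in find_unencrypted_db_instances(template):
        props = fixed["Resources"][name].setdefault("Properties", {})
        props["StorageEncrypted"] = True
        if kms_key_id is not None:
            props["KmsKeyId"] = kms_key_id
    return fixed


if __name__ == "__main__":
    for rid, why in find_unencrypted_db_instances(SAMPLE_TEMPLATE).items():
        print(f"{rid}: {why}")
    assert not find_unencrypted_db_instances(remediate(SAMPLE_TEMPLATE))
```

Run against the embedded template, the check flags BadDb, MissingDb and ParamDb and passes GoodDb; non-RDS resources are ignored. Values produced by intrinsic functions other than a parameter Ref are reported as unresolvable rather than silently passed, which is the conservative choice for a pre-deployment gate.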
References
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html
- https://aws.amazon.com/blogs/database/selecting-the-right-encryption-options-for-amazon-rds-and-amazon-aurora-database-engines/
- https://aws.amazon.com/rds/features/security/
Amazon RDS
Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups. It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need.
Compliance Frameworks
- AWS CloudFormation ruleset
Updated over 1 year ago