Ensure RDS Instance TDE Status is enabled

Call the ModifyDBInstanceTDE interface to enable the transparent data encryption function of the RDS instance. Transparent Data Encryption TDE performs real-time I/O encryption and decryption of data files. Data is encrypted before being written to disk and decrypted when read from disk into memory. The name of the database for which you want to enable TDE. You can specify up to 50 database names in a single request. If you specify multiple database names, separate the database names with commas (,).

Risk Level: high
Platform: Alicloud
Spectral Rule ID: TFALCLD047

REMEDIATION

set tde_status parameter to 'Enabled' for supported RDS instances

- tde_status = "Disabled"
+ tde_status = "Enabled"

Read more: