AWS Config Rule: RDS Storage Encrypted

RDS_STORAGE_ENCRYPTED

Fernando Honig

Last Update 9 months ago

Description: Checks if storage encryption is enabled for your RDS DB instances. The rule is NON_COMPLIANT if storage encryption is not enabled.


Trigger type: Configuration changes


AWS Region: All supported AWS Regions except the Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Europe (Spain), and Europe (Zurich) Regions


How to Resolve Manually

To resolve this manually, edit your RDS instance and go to the Additional configuration section, where you can enable encryption and select a KMS key. The default AWS RDS key will work for your account, but it is best practice to create your own key in KMS and use that instead.


By default, new RDS Instances have this section enabled, so your Instance should be created with storage encryption enabled.
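To see which instances the rule would flag, and which encrypted instances still rely on the default AWS managed key rather than your own, you can evaluate the output of `describe_db_instances` yourself. The following is an added example, not StackZone or AWS code; the sample instances, account ID and key ARNs are constructed placeholders, and `evaluate` and `collect_from_aws` are hypothetical helper names.

```python
# Added example: classify RDS instances the way RDS_STORAGE_ENCRYPTED does,
# and show whether encrypted instances use an AWS managed or customer key.

# Constructed sample shaped like rds.describe_db_instances()["DBInstances"];
# identifiers, account ID and key ARNs are placeholders.
SAMPLE_DB_INSTANCES = [
    {"DBInstanceIdentifier": "orders-db", "StorageEncrypted": True,
     "KmsKeyId": "arn:aws:kms:eu-west-1:111122223333:key/EXAMPLE-CUSTOMER"},
    {"DBInstanceIdentifier": "reports-db", "StorageEncrypted": True,
     "KmsKeyId": "arn:aws:kms:eu-west-1:111122223333:key/EXAMPLE-DEFAULT"},
    {"DBInstanceIdentifier": "legacy-db", "StorageEncrypted": False},
]
# Constructed map of key ARN -> KeyMetadata.KeyManager from kms.describe_key().
SAMPLE_KEY_MANAGERS = {
    "arn:aws:kms:eu-west-1:111122223333:key/EXAMPLE-CUSTOMER": "CUSTOMER",
    "arn:aws:kms:eu-west-1:111122223333:key/EXAMPLE-DEFAULT": "AWS",
}


def evaluate(db_instances, key_managers):
    """Return one finding per instance: compliance plus key ownership."""
    findings = []
    for db in db_instances:
        encrypted = bool(db.get("StorageEncrypted", False))
        key_arn = db.get("KmsKeyId") if encrypted else None
        findings.append({
            "instance": db["DBInstanceIdentifier"],
            "compliance": "COMPLIANT" if encrypted else "NON_COMPLIANT",
            # UNKNOWN when the key ARN is missing from key_managers
            "key_manager": key_managers.get(key_arn, "UNKNOWN") if key_arn else None,
        })
    return findings


def collect_from_aws(region):
    """Fetch live inputs for evaluate(); needs boto3 and read-only access."""
    import boto3  # imported lazily so the sample data runs offline
    rds = boto3.client("rds", region_name=region)
    kms = boto3.client("kms", region_name=region)
    instances = [db for page in rds.get_paginator("describe_db_instances").paginate()
                 for db in page["DBInstances"]]
    managers = {}
    for arn in {db["KmsKeyId"] for db in instances if db.get("KmsKeyId")}:
        managers[arn] = kms.describe_key(KeyId=arn)["KeyMetadata"]["KeyManager"]
    return instances, managers


if __name__ == "__main__":
    for finding in evaluate(SAMPLE_DB_INSTANCES, SAMPLE_KEY_MANAGERS):
        print(finding)
```

Against a real account, pass the two values returned by `collect_from_aws("<your-region>")` to `evaluate`; the caller needs `rds:DescribeDBInstances` and `kms:DescribeKey`.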


How to Resolve with StackZone

You can resolve with StackZone by using the storage encryption remediation, which will ensure all of your RDS Instances are encrypted.


To enable this, head to Baseline Services -> Amazon RDS and ensure that RDS Encryption Enabled Remediation is set to true.


Want to know more about StackZone and how to make your cloud management simple and secure?

Check our "How it works" section with easy-to-follow videos, or just create your own StackZone account here.
