Severity: HIGH
Source: Trivy/CSPM
CSPM ID: rds-encryption-enabled
ID: AVD-AWS-0080

RDS encryption has not been enabled at a DB Instance level.

Encryption should be enabled for RDS database instances.

When enabling encryption by setting the kms_key_id.

Impact

Data can be read from RDS instances if they are compromised.

Follow the appropriate remediation steps below to resolve the issue.

Enable encryption for RDS instances

---
AWSTemplateFormatVersion: "2010-09-09"
Description: Good example of rds sgr
Resources:
  Instance:
    Type: AWS::RDS::DBInstance
    Properties:
      # Encrypt the instance's storage at rest
      StorageEncrypted: true
      # Placeholder value; use the identifier of your KMS key
      KmsKeyId: "something"
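
One way to check a CloudFormation template for this finding before deployment, as an added example (not Trivy's own check and not code from this page). It assumes the template is in CloudFormation's JSON form, treats an absent `StorageEncrypted` as unencrypted, and uses a constructed sample template with hypothetical resource names.

```python
import json

RDS_INSTANCE = "AWS::RDS::DBInstance"

# Constructed sample template (JSON form of CloudFormation), not from the page.
SAMPLE_TEMPLATE = json.dumps({
    "AWSTemplateFormatVersion": "2010-09-09",
    "Parameters": {"Encrypt": {"Type": "String", "Default": "true"}},
    "Resources": {
        "Encrypted": {"Type": RDS_INSTANCE,
                      "Properties": {"StorageEncrypted": True, "KmsKeyId": "alias/example"}},
        "DefaultKey": {"Type": RDS_INSTANCE, "Properties": {"StorageEncrypted": "true"}},
        "Missing": {"Type": RDS_INSTANCE, "Properties": {"Engine": "mysql"}},
        "Disabled": {"Type": RDS_INSTANCE, "Properties": {"StorageEncrypted": False}},
        "FromParam": {"Type": RDS_INSTANCE,
                      "Properties": {"StorageEncrypted": {"Ref": "Encrypt"}}},
        "Bucket": {"Type": "AWS::S3::Bucket"},
    },
})


def classify(props):
    """Return 'pass', 'fail' or 'unresolved' for one DBInstance's properties."""
    value = props.get("StorageEncrypted")
    if isinstance(value, dict):
        # Intrinsic function (Ref, Fn::If, ...): value is only known at deploy time.
        return "unresolved"
    if value is True or (isinstance(value, str) and value.lower() == "true"):
        return "pass"
    # Absent, false, or anything else: storage is not encrypted.
    return "fail"


def check_template(template_json):
    """Map each AWS::RDS::DBInstance logical ID to its classification."""
    resources = json.loads(template_json).get("Resources", {})
    return {
        name: classify(res.get("Properties") or {})
        for name, res in resources.items()
        if res.get("Type") == RDS_INSTANCE
    }


if __name__ == "__main__":
    for name, verdict in sorted(check_template(SAMPLE_TEMPLATE).items()):
        print(f"{verdict:10} {name}")
```

The check reads only the `StorageEncrypted` literal; instances created from a snapshot or as a read replica take their encryption setting from the source and need separate handling.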

Enable encryption for RDS instances

resource "aws_db_instance" "good_example" {
  # Encrypt the instance's storage at rest
  storage_encrypted = true
}