πΌ [RDS.3] RDS DB instances should have encryption at-rest enabled
- Contextual name: πΌ [RDS.3] RDS DB instances should have encryption at-rest enabled
- ID:
/frameworks/aws-fsbp-v1.0.0/rds/03
- Located in: πΌ Relational Database Service (RDS)
Descriptionβ
For an added layer of security for your sensitive data in RDS DB instances,
you should configure your RDS DB instances to be encrypted at rest. To encrypt
your RDS DB instances and snapshots at rest, enable the encryption option for
your RDS DB instances. Data that is encrypted at rest includes the underlying
storage for DB instances, its automated backups, read replicas, and snapshots.
RDS encrypted DB instances use the open standard AES-256 encryption algorithm
to encrypt your data on the server that hosts your RDS DB instances. After
your data is encrypted, Amazon RDS handles authentication of access and
decryption of your data transparently with a minimal impact on performance.
You do not need to modify your database client applications to use encryption.
Similarβ
- AWS Security Hub
- Internal
Similar Sections (Give Policies To)β
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|
Policies (1)β
Internal Rulesβ
| Rule | Policies | Flags |
|---|
| βοΈ dec-x-6ba5ecd2 | 1 | |