RDS Instances Use KMS Encryption
Rule Details
Parameter | Description |
---|---|
Rule Name | rds-instances-enable-kms |
Identifier | RDS Instances Use KMS Encryption |
Description | If KMS encryption is not enabled for an RDS instance, this instance is non-compliant. |
Tag | rds |
Trigger Type | Configuration change |
Filter Type | rds.instances |
Rule Parameters | None |
Application Scenarios
To improve data security, enable server-side encryption. When you create a DB instance or scale up its storage space, data is encrypted on the server before it is stored, which reduces the risk of data leakage.
Solution
Create a key using the Data Encryption Workshop (DEW). When creating a DB instance, select Enable for disk encryption and select the key you created. The key is the end tenant key and is used for server-side encryption. For details, see Performing a Server-Side Encryption.
Rule Logic
- If server-side encryption is not enabled for an RDS instance, this instance is non-compliant.
- If server-side encryption is enabled for an RDS instance, this instance is compliant.