RDS clusters should have encryption at rest enabled

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Description

This check verifies RDS database clusters encrypt data at rest. Data at rest encompasses any information stored in persistent, non-volatile storage. Encryption is crucial for safeguarding the confidentiality of this data, mitigating the risk of unauthorized access. Ensuring your RDS database clusters are encrypted protects both your data and metadata from unauthorized access, as well as assists with adherence to compliance standards for encrypting data at rest in production file systems.

Remediation

To enable encryption at rest, configure it during the creation of an RDS database cluster, as encryption settings cannot be modified post-creation. For further guidance, refer to the Encrypting an Amazon Aurora DB cluster section in the Amazon Aurora User Guide.

PREVIEWING: esther/docs-9518-update-example-control-sensitive-log-data