RDS cluster and instance snapshots should be encrypted at rest
Description
This control checks that RDS, Neptune, DocDB, and Aurora snapshots are encrypted at rest. Snapshot encryption is crucial for maintaining data confidentiality and complying with security best practices.
To encrypt an RDS snapshot, refer to the Encrypting Amazon RDS resources section in the Amazon RDS User Guide. Encryption covers the instance’s underlying storage, automated backups, read replicas, and snapshots.
Although you can only enable encryption during the creation of an RDS DB instance, you can encrypt an existing instance by following these steps:
- Create a Snapshot: Generate a snapshot of your current unencrypted DB instance.
- Create an Encrypted Copy: Make an encrypted copy of the snapshot.
- Restore from Encrypted Snapshot: Restore a DB instance from the encrypted snapshot.
By doing this, you effectively create an encrypted version of your original, unencrypted DB instance, ensuring data security and compliance.
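The three steps above, written as an added example with boto3 (not code from the original page). It covers the single DB instance case only; the function name, the `-plain`/`-encrypted` snapshot suffixes and all identifiers are illustrative assumptions, and `rds` is expected to be a `boto3.client("rds")`.

```python
def encrypt_instance_via_snapshot(rds, instance_id, new_instance_id, kms_key_id,
                                  delete_plain=True):
    """Apply the three steps with a boto3 RDS client (boto3.client("rds")).

    Returns the identifier of the encrypted snapshot. Every identifier here,
    including the "-plain"/"-encrypted" suffixes, is an illustrative choice.
    """
    src = rds.describe_db_instances(DBInstanceIdentifier=instance_id)["DBInstances"][0]
    if src.get("StorageEncrypted"):
        raise ValueError(f"{instance_id} is already encrypted; nothing to do")

    plain_snap = f"{instance_id}-plain"
    enc_snap = f"{instance_id}-encrypted"
    snap_ready = rds.get_waiter("db_snapshot_available")

    # Step 1: snapshot the current unencrypted instance.
    rds.create_db_snapshot(DBInstanceIdentifier=instance_id,
                           DBSnapshotIdentifier=plain_snap)
    snap_ready.wait(DBSnapshotIdentifier=plain_snap)

    # Step 2: copy the snapshot; passing KmsKeyId is what encrypts the copy.
    rds.copy_db_snapshot(SourceDBSnapshotIdentifier=plain_snap,
                         TargetDBSnapshotIdentifier=enc_snap,
                         KmsKeyId=kms_key_id)
    snap_ready.wait(DBSnapshotIdentifier=enc_snap)

    # Confirm the copy really is encrypted before anything is restored from it.
    copied = rds.describe_db_snapshots(DBSnapshotIdentifier=enc_snap)["DBSnapshots"][0]
    if not copied.get("Encrypted"):
        raise RuntimeError(f"{enc_snap} is not encrypted; aborting restore")

    # Step 3: restore a new instance; it inherits encryption from the snapshot.
    rds.restore_db_instance_from_db_snapshot(DBInstanceIdentifier=new_instance_id,
                                             DBSnapshotIdentifier=enc_snap)
    rds.get_waiter("db_instance_available").wait(DBInstanceIdentifier=new_instance_id)

    # The step 1 snapshot is itself unencrypted and would be flagged by this
    # control, so remove it once the encrypted copy has been verified.
    if delete_plain:
        rds.delete_db_snapshot(DBSnapshotIdentifier=plain_snap)
    return enc_snap
```

The restored instance is a new instance with its own endpoint, and the original stays unencrypted until applications are switched over and it is retired.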