Not all data stored in Aurora is securely encrypted at rest

Description

This policy checks the aws_rds_cluster resource to verify that encryption at rest is enabled. It examines the storage_encrypted property.

Fix - Runtime

AWS Console

TBA

CLI Command

Fix - Buildtime

Terraform
    • Resource: aws_rds_cluster
    • Argument: storage_encrypted

```go aws_rds_cluster.test.tf
resource "aws_rds_cluster" "example" {
  ...
  cluster_identifier = "aurora-cluster-demo"
+ storage_encrypted  = true
  ...
}
```
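The same check can be run against a Terraform plan before it is applied. The sketch below is an added example, not the policy's own implementation: it assumes the plan has been exported with `terraform show -json`, and the function name `check_aurora_encryption` and the sample resource addresses are constructed for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "aws_rds_cluster.encrypted", "type": "aws_rds_cluster",
         "change": {"actions": ["create"],
                    "after": {"storage_encrypted": True}, "after_unknown": {}}},
        {"address": "aws_rds_cluster.plaintext", "type": "aws_rds_cluster",
         "change": {"actions": ["create"],
                    "after": {"storage_encrypted": False}, "after_unknown": {}}},
        {"address": "aws_rds_cluster.unset", "type": "aws_rds_cluster",
         "change": {"actions": ["update"],
                    "after": {"storage_encrypted": None}, "after_unknown": {}}},
        {"address": "module.db.aws_rds_cluster.computed", "type": "aws_rds_cluster",
         "change": {"actions": ["create"],
                    "after": {}, "after_unknown": {"storage_encrypted": True}}},
        {"address": "aws_rds_cluster.retired", "type": "aws_rds_cluster",
         "change": {"actions": ["delete"], "after": None, "after_unknown": {}}},
        {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
         "change": {"actions": ["create"], "after": {}, "after_unknown": {}}},
    ]
})


def check_aurora_encryption(plan_json):
    """Return {address: "PASSED" | "FAILED" | "UNKNOWN"} for each aws_rds_cluster."""
    results = {}
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change", {})
        if rc.get("type") != "aws_rds_cluster":
            continue
        after = change.get("after")
        if after is None:  # resource is being destroyed; nothing left to check
            continue
        unknown = change.get("after_unknown") or {}
        if unknown.get("storage_encrypted") is True:
            # Value is only known at apply time; surface it instead of guessing.
            results[rc["address"]] = "UNKNOWN"
        elif after.get("storage_encrypted") is True:
            results[rc["address"]] = "PASSED"
        else:  # false, null or absent all mean encryption was not requested
            results[rc["address"]] = "FAILED"
    return results


if __name__ == "__main__":
    for address, verdict in check_aurora_encryption(SAMPLE_PLAN).items():
        print(f"{verdict:8} {address}")
```

Clusters reported as UNKNOWN have a storage_encrypted value that is only computed at apply time, so they need a follow-up check against the applied state.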

CloudFormation
    • Resource: AWS::RDS::DBCluster
    • Argument: Properties.StorageEncrypted

```yaml
Resources:
  Aurora:
    Type: 'AWS::RDS::DBCluster'
    Properties:
      Engine: 'aurora'
+     StorageEncrypted: true
```
