The storage in the RDS is not encrypted
ID | aws_rds_storage_not_encrypted
Severity | critical
Vendor | AWS
Resource | Encryption
Tags | reachable
Description
The storage of the RDS instance is not encrypted. It is highly recommended to enable encryption in order to protect your data from unauthorized access.
To fix it, you must configure storage_encrypted=true.
Learn more about this topic at AWS RDS encryption.
Examples
---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Create DB instance
      amazon.aws.rds_instance:
        id: "my-instance-id"
        ca_certificate_identifier: rds-ca-2019
        storage_encrypted: false  # finding: storage is not encrypted
        state: present
        engine: postgres
        engine_version: "14.2"  # quoted so YAML keeps it a string
        username: "{{ username }}"
        password: "{{ password }}"
        db_instance_class: db.m6g.large
        allocated_storage: "{{ allocated_storage }}"
        iam_roles:
          - role_arn: "{{ iam_role.arn }}"
            feature_name: 's3Export'
Mitigation / Fix
---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Create DB instance
      amazon.aws.rds_instance:
        id: "my-instance-id"
        ca_certificate_identifier: rds-ca-2019
        storage_encrypted: true  # fix: storage encryption enabled
        state: present
        engine: postgres
        engine_version: "14.2"  # quoted so YAML keeps it a string
        username: "{{ username }}"
        password: "{{ password }}"
        db_instance_class: db.m6g.large
        allocated_storage: "{{ allocated_storage }}"
        iam_roles:
          - role_arn: "{{ iam_role.arn }}"
            feature_name: 's3Export'
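
One way to check a parsed playbook for this finding, as an added example that is not the scanner's rule implementation or code from the original page. It goes beyond the single `storage_encrypted: false` case shown above and also flags a missing key and templated values; the function names, the module aliases matched and the sample data are assumptions.

```python
# Added example (not the scanner's own code); names here are hypothetical.
# Input: a playbook already parsed into Python objects, e.g. by yaml.safe_load.
RDS_MODULES = {"amazon.aws.rds_instance", "community.aws.rds_instance", "rds_instance"}
TRUTHY = {"true", "yes", "on", "1"}

def iter_tasks(tasks):
    """Yield every task, descending into block/rescue/always sections."""
    for task in tasks or []:
        nested = [key for key in ("block", "rescue", "always") if key in task]
        for key in nested:
            yield from iter_tasks(task[key])
        if not nested:
            yield task

def classify(value):
    """Map a storage_encrypted value to 'ok', 'unencrypted' or 'review'."""
    if value is None:
        return "unencrypted"  # assumption: an absent key requests no encryption
    if isinstance(value, bool):
        return "ok" if value else "unencrypted"
    text = str(value).strip().lower()
    if "{{" in text:
        return "review"  # templated value, only known at run time
    return "ok" if text in TRUTHY else "unencrypted"

def find_unencrypted_rds(playbook):
    """Return (task name, verdict) for RDS tasks not provably encrypted."""
    findings = []
    for play in playbook:
        tasks = [t for key in ("pre_tasks", "tasks", "post_tasks") for t in play.get(key) or []]
        for task in iter_tasks(tasks):
            for module in task.keys() & RDS_MODULES:
                args = task[module] or {}
                if args.get("state", "present") in ("absent", "terminated"):
                    continue  # deleting an instance creates no storage
                verdict = classify(args.get("storage_encrypted"))
                if verdict != "ok":
                    findings.append((task.get("name", "<unnamed>"), verdict))
    return findings

# Constructed sample, shaped like this page's playbooks once parsed.
SAMPLE = [{"name": "Example playbook", "hosts": "localhost", "tasks": [
    {"name": "plain false", "amazon.aws.rds_instance": {"id": "a", "storage_encrypted": False}},
    {"name": "fixed", "amazon.aws.rds_instance": {"id": "b", "storage_encrypted": True}},
    {"block": [
        {"name": "key missing", "amazon.aws.rds_instance": {"id": "c"}},
        {"name": "templated", "amazon.aws.rds_instance": {"id": "d", "storage_encrypted": "{{ encrypt }}"}},
    ]},
]}]
```

`find_unencrypted_rds(SAMPLE)` reports the tasks that would trigger this rule plus the templated one, which needs a manual look at the variable's value.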