RDS cluster and instance snapshots should be encrypted at rest


Description

This control checks that RDS, Neptune, DocDB, and Aurora snapshots are encrypted at rest. Snapshot encryption is crucial for maintaining data confidentiality and complying with security best practices.

Remediation

To encrypt an RDS snapshot, refer to the Encrypting Amazon RDS resources section in the Amazon RDS User Guide. Encryption covers the instance’s underlying storage, automated backups, read replicas, and snapshots.

Although you can only enable encryption during the creation of an RDS DB instance, you can encrypt an existing instance by following these steps:

  1. Create a Snapshot: Generate a snapshot of your current unencrypted DB instance.
  2. Create an Encrypted Copy: Make an encrypted copy of the snapshot.
  3. Restore from Encrypted Snapshot: Restore a DB instance from the encrypted snapshot.

By doing this, you effectively create an encrypted version of your original, unencrypted DB instance, ensuring data security and compliance.
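The check and step 2 of the procedure above can be sketched as follows. This is an added example, not code from the original page or the product it describes; it goes beyond the instance case to cluster snapshots, and the sample snapshot data, the `alias/EXAMPLE-KEY` key placeholder and the `-encrypted` target suffix are assumptions.

```python
import shlex

# Constructed sample data shaped like the output of `describe-db-snapshots` and
# `describe-db-cluster-snapshots`; every identifier below is made up.
DB_SNAPSHOTS = [
    {"DBSnapshotIdentifier": "orders-manual-01", "Engine": "postgres", "Encrypted": False},
    {"DBSnapshotIdentifier": "billing-manual-01", "Engine": "mysql", "Encrypted": True},
]
CLUSTER_SNAPSHOTS = [
    {"DBClusterSnapshotIdentifier": "graph-nightly", "Engine": "neptune", "StorageEncrypted": False},
    {"DBClusterSnapshotIdentifier": "docs-nightly", "Engine": "docdb", "StorageEncrypted": True},
    # Automated snapshot name ("rds:" prefix) with the encryption flag missing.
    {"DBClusterSnapshotIdentifier": "rds:shop-auto-01", "Engine": "aurora-mysql"},
]
# Neptune and DocumentDB expose the same cluster-snapshot commands in their own CLI namespaces.
CLI_NAMESPACE = {"neptune": "neptune", "docdb": "docdb"}

def unencrypted(db_snapshots, cluster_snapshots):
    """Return (kind, engine, identifier) for each snapshot not marked encrypted.
    A missing flag counts as unencrypted, so the check fails closed."""
    findings = []
    for snap in db_snapshots:
        if snap.get("Encrypted") is not True:
            findings.append(("instance", snap["Engine"], snap["DBSnapshotIdentifier"]))
    for snap in cluster_snapshots:
        if snap.get("StorageEncrypted") is not True:
            findings.append(("cluster", snap["Engine"], snap["DBClusterSnapshotIdentifier"]))
    return findings

def copy_command(kind, engine, snapshot_id, kms_key_id):
    """Build the AWS CLI call for step 2: an encrypted copy of the snapshot."""
    noun = "db-snapshot" if kind == "instance" else "db-cluster-snapshot"
    # ":" is not allowed in a snapshot name you choose, so strip it from the target.
    target = snapshot_id.replace(":", "-") + "-encrypted"
    argv = ["aws", CLI_NAMESPACE.get(engine, "rds"), f"copy-{noun}",
            f"--source-{noun}-identifier", snapshot_id,
            f"--target-{noun}-identifier", target,
            "--kms-key-id", kms_key_id]
    return " ".join(shlex.quote(arg) for arg in argv)

if __name__ == "__main__":
    for kind, engine, snap_id in unencrypted(DB_SNAPSHOTS, CLUSTER_SNAPSHOTS):
        print(copy_command(kind, engine, snap_id, "alias/EXAMPLE-KEY"))
```

The unencrypted source snapshot still exists after the copy, so the control keeps flagging it until it is deleted once the encrypted restore has been verified.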