RDS instances should be encrypted with a customer-managed KMS key

rds
이 페이지는 아직 한국어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Description

RDS instances should be encrypted using a customer-managed KMS key rather than the default AWS-managed key. Customer-managed keys provide full control over key rotation policies, access permissions via KMS key policies, and the ability to revoke or disable the key.

Remediation

Create a new RDS instance with a customer-managed KMS key specified, or restore from an encrypted snapshot using a customer-managed key. Existing instances cannot have their encryption key changed in place. For guidance, refer to Encrypting Amazon RDS resources.