For AI agents: A markdown version of this page is available at https://docs.datadoghq.com/security/default_rules/def-000-u03.md. A documentation index is available at /llms.txt.

RDS clusters should use KMS encryption

rds

Description

Amazon RDS clusters should use KMS encryption with AWS managed keys to ensure data is encrypted at rest using industry-standard encryption methods.

Remediation

Enable KMS encryption for your RDS cluster by configuring the kms_key_id parameter when creating or modifying the cluster. Refer to the Amazon RDS encryption documentation for detailed steps.