---
title: RDS clusters should use KMS encryption
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: Docs > Datadog Security > OOTB Rules > RDS clusters should use KMS encryption
---

# RDS clusters should use KMS encryption
 
## Description{% #description %}

Amazon RDS clusters should use KMS encryption with AWS managed keys to ensure data is encrypted at rest using industry-standard encryption methods.

## Remediation{% #remediation %}

Enable KMS encryption for your RDS cluster by configuring the `kms_key_id` parameter when creating or modifying the cluster. Refer to the [Amazon RDS encryption documentation](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html) for detailed steps.