Not all data stored in Aurora is securely encrypted at rest
Description
This policy checks that each aws_rds_cluster resource has encryption at rest enabled. It does so by examining the storage_encrypted property.
Code Example
```hcl
resource "aws_rds_cluster" "example" {
...
cluster_identifier = "aurora-cluster-demo"
+ storage_encrypted = true
...
}
```
Remediation
AWS Console
TBA
CLI Command
Fix - Buildtime
Terraform
- Resource: aws_rds_cluster
- Arguments: storage_encrypted
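The same storage_encrypted check applied to Terraform plan JSON, as an added example (not the policy's or Checkov's own implementation). The sample plan is constructed, and the function name check_aurora_encryption and the PASSED/FAILED/UNKNOWN labels are assumptions made for illustration.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_rds_cluster.encrypted", "type": "aws_rds_cluster",
   "change": {"actions": ["create"], "after_unknown": {},
              "after": {"storage_encrypted": true}}},
  {"address": "aws_rds_cluster.plaintext", "type": "aws_rds_cluster",
   "change": {"actions": ["update"], "after_unknown": {},
              "after": {"storage_encrypted": false}}},
  {"address": "aws_rds_cluster.unset", "type": "aws_rds_cluster",
   "change": {"actions": ["create"], "after_unknown": {},
              "after": {"storage_encrypted": null}}},
  {"address": "aws_rds_cluster.computed", "type": "aws_rds_cluster",
   "change": {"actions": ["create"], "after": {},
              "after_unknown": {"storage_encrypted": true}}},
  {"address": "aws_rds_cluster.retired", "type": "aws_rds_cluster",
   "change": {"actions": ["delete"], "after": null, "after_unknown": {}}},
  {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
   "change": {"actions": ["create"], "after": {}, "after_unknown": {}}}
]}
""")


def check_aurora_encryption(plan):
    """Map each planned aws_rds_cluster address to PASSED, FAILED or UNKNOWN."""
    results = {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_rds_cluster":
            continue
        change = rc.get("change") or {}
        if change.get("actions") == ["delete"]:
            continue  # cluster is being destroyed, nothing left to encrypt
        after = change.get("after") or {}
        unknown = change.get("after_unknown") or {}
        if after.get("storage_encrypted") is True:
            status = "PASSED"
        elif unknown.get("storage_encrypted") is True:
            # Value is only known after apply: report it instead of passing it.
            status = "UNKNOWN"
        else:
            status = "FAILED"  # false, null or absent all count as unencrypted
        results[rc["address"]] = status
    return results


if __name__ == "__main__":
    for address, status in sorted(check_aurora_encryption(SAMPLE_PLAN).items()):
        print(f"{status:8} {address}")
```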
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0149 |
| Severity | HIGH |
| IaC Type | Cloudformation |
| Frameworks | CloudFormation, Terraform, TerraformPlan, Serverless |
| Checkov ID | CKV_AWS_96 |