RDS encryption has not been enabled at a DB Instance level.

Explanation

Encryption should be enabled for an RDS Database instances.

When enabling encryption by setting the kms_key_id.

Possible Impact

Data can be read from RDS instances if compromised

Suggested Resolution

Enable encryption for RDS instances

Insecure Example

The following example will fail the AVD-AWS-0080 check.

---
AWSTemplateFormatVersion: 2010-09-09
Description: Bad example of rds sgr
Resources:
  Instance:
    Type: AWS::RDS::DBInstance
    Properties:
      StorageEncrypted: false


Secure Example

The following example will pass the AVD-AWS-0080 check.

---
AWSTemplateFormatVersion: 2010-09-09
Description: Good example of rds sgr
Resources:
  Instance:
    Type: AWS::RDS::DBInstance
    Properties:
      StorageEncrypted: true
      KmsKeyId: "something"



Getting Started
Services