RDS Instance Backup Transport is not Encrypted
Overview
Checks whether the RDS instance's client connections (SQL Server and PostgreSQL) are encrypted. An unencrypted instance exposes sensitive information in transit to threats, so it is important to ensure the encryption feature is enabled to meet security/compliance requirements. Typically, SSL/TLS connections are used to encrypt data transferred between the DB instance and the client.
Vendor
AWS
Cloud Service
RDS
References
https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DBInstance.html
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/SQLServer.Concepts.General.SSL.Using.html
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/PostgreSQL.Concepts.General.SSL.html
https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Security.html#AuroraMySQL.Security.SSL.RequireSSL:~:text=MySQL%20DB%20clusters-,Requiring%20an%20SSL/TLS%20connection%20to%20an%20Aurora%20MySQL%20DB%20cluster,-You%20can%20require
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.Oracle.Options.SSL.html#Appendix.Oracle.Options.SSL.OptionGroup:~:text=Adding%20the%20SSL%20option
https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Security.html#:~:text=sslmode%3Dverify%2Dfull%22-,Requiring%20an%20SSL/TLS%20connection%20to%20an%20Aurora%20PostgreSQL%20DB%20cluster,-You%20can%20require
Severity
3
Item Types
AWS::RDS::DBInstance
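
One way to express the check described in the Overview, as an added example that is not this rule's own logic: it assumes an instance passes when its DB parameter group sets `rds.force_ssl` to 1 and the group is in sync. The records are constructed and shaped like the RDS `DescribeDBInstances` and `DescribeDBParameters` responses; the function names are hypothetical.

```python
# Added example: offline evaluation of constructed, boto3-shaped RDS records.
# Assumption: transport encryption is judged by the rds.force_ssl parameter.
ENGINE_PREFIXES = ("postgres", "sqlserver-")  # engines named in the Overview


def evaluate(instance, params_by_group):
    """Return (status, reason) for one DBInstance record."""
    if not instance["Engine"].startswith(ENGINE_PREFIXES):
        return ("SKIPPED", "engine not covered by this check")
    groups = instance.get("DBParameterGroups", [])
    if not groups:
        return ("FAIL", "no DB parameter group information")
    for group in groups:
        name = group["DBParameterGroupName"]
        params = {p["ParameterName"]: p.get("ParameterValue")
                  for p in params_by_group.get(name, [])}
        if params.get("rds.force_ssl") != "1":
            return ("FAIL", f"rds.force_ssl is not 1 in {name}")
        # A changed value is not in effect until the group is in sync.
        status = group.get("ParameterApplyStatus")
        if status != "in-sync":
            return ("FAIL", f"{name} is {status}, setting not yet applied")
    return ("PASS", "rds.force_ssl=1 and applied")


def audit(instances, params_by_group):
    """Map each instance identifier to PASS, FAIL or SKIPPED."""
    return {i["DBInstanceIdentifier"]: evaluate(i, params_by_group)[0]
            for i in instances}


def _inst(ident, engine, group, status="in-sync"):
    return {"DBInstanceIdentifier": ident, "Engine": engine,
            "DBParameterGroups": [{"DBParameterGroupName": group,
                                   "ParameterApplyStatus": status}]}


# Constructed sample data (not real resources).
SAMPLE_PARAMS = {
    "pg-tls": [{"ParameterName": "rds.force_ssl", "ParameterValue": "1"}],
    "pg-default": [{"ParameterName": "rds.force_ssl", "ParameterValue": "0"}],
    "mssql-tls": [{"ParameterName": "rds.force_ssl", "ParameterValue": "1"}],
}
SAMPLE_INSTANCES = [
    _inst("orders-pg", "postgres", "pg-tls"),
    _inst("legacy-pg", "postgres", "pg-default"),
    _inst("erp-mssql", "sqlserver-se", "mssql-tls", "pending-reboot"),
    _inst("blog-mysql", "mysql", "mysql-default"),
]

if __name__ == "__main__":
    for ident, status in audit(SAMPLE_INSTANCES, SAMPLE_PARAMS).items():
        print(ident, status)
```

Against a live account, the same dictionaries can be filled from boto3's `describe_db_instances` and `describe_db_parameters` calls.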