This rule ensures compliance by requiring that all S3 buckets are encrypted at rest, to enhance data security.
| Rule | Ensure all S3 buckets employ encryption-at-rest |
| Framework | cis_v130 |
| Severity | ✔ High |
Rule Name: S3 Bucket Encryption-at-Rest Enabled
Description
This rule ensures that all Amazon S3 buckets employ encryption-at-rest to protect the data stored within them. Encryption-at-rest ensures that even if unauthorized access is gained to the physical drives storing the data, the information remains secure and inaccessible.
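One way to evaluate this rule, as an added example that is not part of the original page or of any scanner's own code: it checks parsed `GetBucketEncryption` responses for a default encryption rule. The bucket names and sample responses are constructed, and passing `None` for a bucket whose call failed with `ServerSideEncryptionConfigurationNotFoundError` is an assumption about how the caller maps that error.

```python
# Added example: evaluates GetBucketEncryption responses against the rule.
# The sample responses are constructed; bucket names are hypothetical.
ACCEPTED_ALGORITHMS = {"AES256", "aws:kms", "aws:kms:dsse"}


def evaluate_bucket(response):
    """Return (compliant, reason) for one bucket.

    `response` is the parsed GetBucketEncryption output, or None when the
    call failed with ServerSideEncryptionConfigurationNotFoundError.
    """
    if response is None:
        return False, "no default encryption configuration"
    rules = response.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    if not rules:
        return False, "encryption configuration has no rules"
    for rule in rules:
        default = rule.get("ApplyServerSideEncryptionByDefault") or {}
        algorithm = default.get("SSEAlgorithm")
        if algorithm not in ACCEPTED_ALGORITHMS:
            return False, f"unsupported or missing SSEAlgorithm: {algorithm!r}"
    return True, "default encryption: " + ", ".join(
        r["ApplyServerSideEncryptionByDefault"]["SSEAlgorithm"] for r in rules
    )


def audit(inventory):
    """Map bucket name -> (compliant, reason) and list the failing buckets."""
    results = {name: evaluate_bucket(resp) for name, resp in inventory.items()}
    failing = sorted(name for name, (ok, _) in results.items() if not ok)
    return results, failing


# Constructed inventory: bucket name -> GetBucketEncryption response (or None).
SAMPLE_INVENTORY = {
    "example-logs": {"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}},
    "example-finance": {"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {
            "SSEAlgorithm": "aws:kms",
            "KMSMasterKeyID": "arn:aws:kms:REGION:ACCOUNT:key/PLACEHOLDER"},
         "BucketKeyEnabled": True}]}},
    "example-legacy": None,
    "example-broken": {"ServerSideEncryptionConfiguration": {"Rules": [{}]}},
}

if __name__ == "__main__":
    results, failing = audit(SAMPLE_INVENTORY)
    for name, (ok, reason) in sorted(results.items()):
        print(f"{'PASS' if ok else 'FAIL'}  {name}: {reason}")
```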
Rationale
Data stored in S3 buckets may contain sensitive, confidential, or regulated information that needs to be protected against unauthorized access and potential data breaches. Enabling encryption-at-rest adds an extra layer of security to prevent unauthorized access to the data.
Remediation
To enable encryption-at-rest for S3 buckets, follow the steps below:
Troubleshooting Steps
If you encounter any issues while enabling encryption-at-rest for S3 buckets, consider the following troubleshooting steps:
Prevention
To prevent the violation of this rule in the future, follow these best practices: