This rule ensures encryption is enabled for RDS instances to maintain data security.
| Rule | Ensure that encryption is enabled for RDS Instances |
| --- | --- |
| Framework | cis_v140 |
| Severity | ✔ Critical |
Rule Description:
The rule "Ensure that encryption is enabled for RDS Instances for cis_v140" focuses on the need to enable encryption for Relational Database Service (RDS) instances. Encryption adds an extra layer of security by encrypting data at rest, protecting it from unauthorized access or disclosure.
Troubleshooting Steps:
If encryption is not enabled for RDS instances, the following troubleshooting steps can be taken to rectify the issue:
Verify Encryption Settings: Check if encryption is enabled for the RDS instances by reviewing the configuration settings.
Enable Encryption: If encryption is not enabled, proceed to enable it for the RDS instances.
Necessary Code or Configuration:
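To enable encryption for RDS instances, use the AWS Command Line Interface (CLI) or AWS Management Console. The modify-db-instance command has no --storage-encrypted option, because storage encryption can only be set when a DB instance is created. For an existing unencrypted instance, take a snapshot, copy the snapshot with a KMS key so that the copy is encrypted, and restore a new instance from the encrypted copy. Here are example CLI commands:
aws rds create-db-snapshot --db-instance-identifier <instance-id> --db-snapshot-identifier <snapshot-id>
aws rds copy-db-snapshot --source-db-snapshot-identifier <snapshot-id> --target-db-snapshot-identifier <encrypted-snapshot-id> --kms-key-id <kms-key-id>
aws rds restore-db-instance-from-db-snapshot --db-instance-identifier <new-instance-id> --db-snapshot-identifier <encrypted-snapshot-id>
Replace <instance-id> with the actual identifier of the RDS instance. The snapshot and new-instance identifiers are names you choose, and <kms-key-id> is the KMS key used to encrypt the copy.
Step-by-Step Guide for Remediation: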
Follow the steps below to enable encryption for RDS instances:
1. Log in to the AWS Management Console.
2. Go to the Amazon RDS service page.
3. Select the appropriate region from the top-right corner, where your RDS instances are located.
4. Click on "Databases" in the left-hand sidebar.
5. Identify the RDS instance that you wish to enable encryption for. Select the checkbox next to the instance.
6. Click on "Actions" and choose "Modify".
7. In the Modify DB Instance settings, scroll down to the "Storage" section.
8. Enable the "Encryption" option or check the box for "Encrypt storage".
9. Click on "Continue" and review the summary of the modifications.
10. Click on "Modify DB Instance" to apply the changes.
11. Monitor the modification progress, which may take a few minutes.
Once the encryption is enabled, the RDS instance data will be encrypted at rest, providing an enhanced level of security for your database.
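For the "Verify Encryption Settings" step, the following added example (not part of the original rule page) audits `aws rds describe-db-instances` JSON for instances that fail the rule and sorts them by remediation path, since RDS only sets storage encryption at creation time and an existing instance must go through an encrypted snapshot copy. The sample data, instance names, snapshot name suffixes and the `audit` and `snapshot_plan` helpers are assumptions made for illustration.

```python
import json

# Constructed sample shaped like `aws rds describe-db-instances` output.
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-db", "Engine": "postgres", "StorageEncrypted": false},
  {"DBInstanceIdentifier": "billing-db", "Engine": "mysql", "StorageEncrypted": true,
   "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"},
  {"DBInstanceIdentifier": "orders-replica", "Engine": "postgres", "StorageEncrypted": false,
   "ReadReplicaSourceDBInstanceIdentifier": "orders-db"},
  {"DBInstanceIdentifier": "app-aurora-1", "Engine": "aurora-mysql", "StorageEncrypted": false,
   "DBClusterIdentifier": "app-aurora"}
]}
""")

def audit(describe_output):
    """Return {instance_id: remediation_path} for every unencrypted instance."""
    findings = {}
    for db in describe_output.get("DBInstances", []):
        if db.get("StorageEncrypted", False):
            continue  # passes the rule
        if db.get("DBClusterIdentifier"):
            kind = "cluster"     # Aurora: encryption is set on the cluster
        elif db.get("ReadReplicaSourceDBInstanceIdentifier"):
            kind = "replica"     # follows its source; fix the source first
        else:
            kind = "standalone"  # snapshot, encrypted copy, restore
        findings[db["DBInstanceIdentifier"]] = kind
    return findings

def snapshot_plan(instance_id, kms_key_id):
    """AWS CLI argv lists for a standalone instance (name suffixes are assumptions)."""
    snap, enc = f"{instance_id}-pre-encrypt", f"{instance_id}-encrypted-snap"
    return [
        ["aws", "rds", "create-db-snapshot", "--db-instance-identifier", instance_id,
         "--db-snapshot-identifier", snap],
        ["aws", "rds", "copy-db-snapshot", "--source-db-snapshot-identifier", snap,
         "--target-db-snapshot-identifier", enc, "--kms-key-id", kms_key_id],
        ["aws", "rds", "restore-db-instance-from-db-snapshot",
         "--db-instance-identifier", f"{instance_id}-encrypted",
         "--db-snapshot-identifier", enc],
    ]

if __name__ == "__main__":
    for name, kind in audit(SAMPLE).items():
        print(f"FAIL {name}: unencrypted ({kind})")
        if kind == "standalone":
            for argv in snapshot_plan(name, "alias/example-rds-key"):
                print("  " + " ".join(argv))
```

The restored instance gets a new identifier and endpoint, so applications must be repointed before the unencrypted original is retired.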
Conclusion:
Enabling encryption for RDS instances ensures that data at rest is protected from unauthorized access or disclosure. By following the provided guidance and executing the necessary steps to enable encryption, you can enhance the security posture of your RDS instances in accordance with the CIS benchmark requirements.