Rule: RDS DB Snapshots Should be Encrypted at Rest
Check compliance status of encrypting RDS DB snapshots at rest
| Rule | RDS DB snapshots should be encrypted at rest |
| Framework | GxP EU Annex 11 |
| Severity | ✔ Medium |
Rule:
RDS DB snapshots should be encrypted at rest to comply with GxP EU Annex 11 regulations.
Description:
GxP EU Annex 11 regulations require that all data stored in RDS DB snapshots must be encrypted at rest. Encryption adds an extra layer of security to protect sensitive data from unauthorized access, ensuring compliance with data protection standards.
Troubleshooting:
If RDS DB snapshots are not encrypted at rest, it can lead to potential compliance violations. Unauthorized access to the snapshots could result in data breaches and compromise the integrity and confidentiality of sensitive information.
Codes:
To enable encryption at rest for RDS DB snapshots, you can use the following AWS CLI command:
aws rds modify-db-snapshot-attribute --db-snapshot-identifier <snapshot-id> --attribute-name encryption --values true
Remediation:
Follow the step-by-step guide below to encrypt RDS DB snapshots at rest:
- 1.Identify the RDS DB snapshot that needs to be encrypted.
- 2.Open the AWS Command Line Interface (CLI) or AWS CLI PowerShell.
- 3.Run the following command to enable encryption for the specific DB snapshot:
aws rds modify-db-snapshot-attribute --db-snapshot-identifier <snapshot-id> --attribute-name encryption --values true
Replace
<snapshot-id>- 1.Wait for the command to complete and verify that encryption is enabled for the snapshot.
By following the above steps, the RDS DB snapshots will be encrypted at rest, ensuring compliance with GxP EU Annex 11 regulations.