Rule: RDS DB Snapshots Should Be Encrypted at Rest

This rule ensures that all RDS DB snapshots are encrypted at rest to enhance data security.

Rule: RDS DB snapshots should be encrypted at rest
Framework: HIPAA
Severity: Medium

Rule Description:

RDS DB snapshots should be encrypted at rest to meet the HIPAA (Health Insurance Portability and Accountability Act) requirements for data security and privacy. Encrypting the RDS DB snapshots ensures that sensitive data stored within the snapshots is protected from unauthorized access or disclosure.

Troubleshooting Steps:

If the RDS DB snapshots are not encrypted at rest, follow the troubleshooting steps below to enable encryption:

  1. Verify the snapshot encryption status:

    • Open the Amazon RDS console.
    • Select the appropriate AWS Region.
    • Click on "Snapshots" in the left-hand menu.
    • Locate the DB snapshot in question and check the "Encrypted" column. If it is not encrypted, proceed to the next step.

  2. Enable encryption for the RDS DB snapshot:

    • Select the DB snapshot that needs to be encrypted.
    • Click on "Actions" and choose "Copy Snapshot" from the dropdown menu.
    • In the "Copy Snapshot" dialog box, enable the "Encrypt snapshot" option.
    • Select the desired KMS (Key Management Service) key or allow RDS to create a new one.
    • Click on "Copy Snapshot" to create an encrypted copy of the RDS DB snapshot.

  3. Validate the encryption status:

    • Check the "Snapshots" list and verify that the newly created snapshot is encrypted.

Necessary Codes:

No specific code is required for this configuration change. The encryption can be enabled through the AWS Management Console.

Step-by-Step Guide for Remediation:

To enable encryption for RDS DB snapshots:

  1. Open the Amazon RDS console: https://console.aws.amazon.com/rds/.

  2. Select the appropriate AWS Region where your RDS DB snapshot resides.

  3. Click on "Snapshots" in the left-hand menu.

  4. Locate the DB snapshot that needs to be encrypted.

  5. Verify the "Encrypted" column status. If it shows "No," proceed to the next step.

  6. Select the DB snapshot.

  7. Click on "Actions" at the top-right corner.

  8. Choose "Copy Snapshot" from the dropdown menu.

  9. In the "Copy Snapshot" dialog box, enable the "Encrypt snapshot" option.

  10. Select the desired KMS key from the "KMS key" dropdown menu. If you don't have a key, choose "Create a new KMS key."

  11. Click on "Copy Snapshot" to initiate the creation of an encrypted copy of the RDS DB snapshot.

  12. Monitor the progress of the snapshot creation. Once completed, the newly created snapshot will be encrypted.

  13. Verify the encryption status in the "Snapshots" list.

By following these steps, you will ensure that your RDS DB snapshots are encrypted at rest, meeting the HIPAA requirements for data security and privacy.
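The console procedure above can also be scripted when many snapshots are involved. The following is an added example, not code from this page or from AWS: it reads a DescribeDBSnapshots-style response, selects the unencrypted snapshots, and builds the parameters for an encrypted copy. The sample snapshot names, the `alias/example-key` key alias and the helper function names are assumptions made for illustration; `copy_db_snapshot` and the field names are those of the RDS API as exposed by boto3.

```python
import re

# Constructed sample shaped like an RDS DescribeDBSnapshots response
# (not output from a real account).
SAMPLE_RESPONSE = {"DBSnapshots": [
    {"DBSnapshotIdentifier": "orders-manual-01", "Encrypted": False, "Status": "available"},
    {"DBSnapshotIdentifier": "rds:orders-2024-05-01-00-05", "Encrypted": False, "Status": "available"},
    {"DBSnapshotIdentifier": "billing-manual-01", "Encrypted": True, "Status": "available"},
    {"DBSnapshotIdentifier": "orders-manual-02", "Encrypted": False, "Status": "creating"},
]}


def target_name(source_id, suffix="-encrypted"):
    """Build a valid identifier for the copy: letters, digits and single
    hyphens only, starting with a letter (automated snapshots are named
    'rds:...', and ':' is not allowed in a target identifier)."""
    name = re.sub(r"[^A-Za-z0-9]+", "-", source_id).strip("-")
    if not name or not name[0].isalpha():
        name = "snap-" + name
    return name[:255 - len(suffix)].rstrip("-") + suffix


def plan_encrypted_copies(response, kms_key_id):
    """Return (copy_requests, skipped_ids) for every unencrypted snapshot.
    Each request is a kwargs dict for the RDS CopyDBSnapshot API."""
    plan, skipped = [], []
    for snap in response.get("DBSnapshots", []):
        if snap.get("Encrypted"):
            continue  # already passes the rule
        if snap.get("Status") != "available":
            skipped.append(snap["DBSnapshotIdentifier"])  # cannot be copied yet
            continue
        plan.append({
            "SourceDBSnapshotIdentifier": snap["DBSnapshotIdentifier"],
            "TargetDBSnapshotIdentifier": target_name(snap["DBSnapshotIdentifier"]),
            "KmsKeyId": kms_key_id,  # supplying a key makes the copy encrypted
            "CopyTags": True,
        })
    return plan, skipped


def apply_plan(plan, rds_client):
    """Run the copies with a boto3 RDS client, e.g. boto3.client("rds"),
    and report whether each new snapshot comes back as encrypted."""
    results = {}
    for request in plan:
        copy = rds_client.copy_db_snapshot(**request)["DBSnapshot"]
        results[copy["DBSnapshotIdentifier"]] = bool(copy.get("Encrypted"))
    return results
```

The copy is a new snapshot; the source snapshot stays unencrypted and will keep failing this rule for as long as it exists.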
