
RDS DB Instance Encryption at Rest Rule

This rule ensures RDS DB instance encryption at rest is enabled for data security.

Rule: RDS DB instance encryption at rest should be enabled
Framework: HIPAA
Severity: Low

RDS DB Instance Encryption at Rest for HIPAA Compliance

Description

In order to meet the security requirements outlined by the Health Insurance Portability and Accountability Act (HIPAA), it is necessary to enable encryption at rest for your Amazon Relational Database Service (RDS) instances. Encryption at rest ensures that the data stored in your RDS databases remains secure and protected from unauthorized access, helping to maintain the confidentiality and integrity of sensitive healthcare information.

Troubleshooting Steps

If you encounter any issues while enabling encryption at rest for your RDS DB instance, please follow these troubleshooting steps:

  1. Confirm that your RDS instance is using the correct version and engine type that supports encryption at rest. Not all RDS engine versions are capable of encryption at rest.
  2. Ensure that your AWS Identity and Access Management (IAM) user or role has the necessary permissions to modify the RDS instance and enable encryption at rest.
  3. Verify that your RDS instance's storage volume is not currently undergoing any snapshots or backups, as these operations may prevent encryption at rest from being enabled.
  4. If you have previously enabled encryption on this RDS instance and encountered any issues, consider creating a new RDS instance with encryption enabled and migrating your data to the new instance.

Necessary Codes (if applicable)

If you need to specify encryption for your RDS DB instance in code, you can use the following snippet as a reference (encryption at rest is a creation-time property, so it is set on create_db_instance rather than on an existing instance):

import boto3

client = boto3.client('rds')

# StorageEncrypted is only accepted when the instance is created; modify_db_instance
# rejects it, so an unencrypted instance is replaced by a new encrypted one and migrated.
response = client.create_db_instance(
    DBInstanceIdentifier='your-db-instance-id',
    DBInstanceClass='db.t3.micro',
    Engine='postgres',
    MasterUsername='dbadmin',
    MasterUserPassword='replace-with-a-strong-password',
    AllocatedStorage=20,
    StorageEncrypted=True,
    KmsKeyId='your-kms-key-id',  # optional: omit to use the AWS-managed default RDS key
)

Step-by-Step Guide for Remediation

  1. Log in to the AWS Management Console.
  2. Go to the "Amazon RDS" service.
  3. Select the desired DB instance for which you want to enable encryption at rest.
  4. Click on the "Actions" button and choose "Modify" from the dropdown menu.
  5. In the "Settings" section, scroll down to the "Storage" options.
  6. Check the box for "Encrypt storage".
  7. Optionally, you can choose to specify a custom AWS Key Management Service (KMS) key or use the default key provided by AWS.
  8. Click on "Continue" and review the configuration changes.
  9. If everything looks correct, click on "Modify DB Instance" to apply the changes.
  10. Wait for the modification to complete. This may take a few minutes to hours depending on the size of your database.
  11. Verify that the encryption at rest has been successfully enabled by checking the RDS DB instance details page.
  12. Ensure to update any relevant documentation or compliance artifacts to reflect the encryption at rest configuration for HIPAA compliance.
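To verify step 11 across a whole account rather than one instance at a time, and to complement the boto3 snippet under "Necessary Codes", here is an added audit script (not Cloud Defense's code) that reports every RDS instance whose StorageEncrypted flag is not true, as this rule requires. The function names, the SAMPLE_PAGES response and the instance identifiers and key ARN in it are constructed for illustration; only the audit_live() helper needs AWS credentials.

```python
"""Audit RDS DB instances for encryption at rest (the check behind this rule).

find_unencrypted_instances() works on the DescribeDBInstances response shape,
so it can be exercised offline against the constructed sample below.
"""
from typing import Dict, Iterable, List


def find_unencrypted_instances(pages: Iterable[Dict]) -> List[Dict]:
    """Return one finding per DB instance whose StorageEncrypted is not True.

    `pages` is an iterable of DescribeDBInstances responses (one per API page).
    A missing flag is treated as non-compliant, not as "unknown".
    """
    findings = []
    for page in pages:
        for db in page.get("DBInstances", []):
            if db.get("StorageEncrypted") is not True:
                findings.append({
                    "DBInstanceIdentifier": db["DBInstanceIdentifier"],
                    "Engine": db.get("Engine"),
                    "KmsKeyId": db.get("KmsKeyId"),  # None when not encrypted
                })
    return findings


def audit_live(region_name: str = "us-east-1") -> List[Dict]:
    """Run the same check against a real account using a boto3 paginator."""
    import boto3  # imported here so the offline check above needs no SDK installed
    rds = boto3.client("rds", region_name=region_name)
    return find_unencrypted_instances(rds.get_paginator("describe_db_instances").paginate())


# Constructed sample, shaped like two pages of DescribeDBInstances output.
SAMPLE_PAGES = [
    {"DBInstances": [
        {"DBInstanceIdentifier": "phi-postgres-prod", "Engine": "postgres",
         "StorageEncrypted": True,
         "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
        {"DBInstanceIdentifier": "legacy-mysql", "Engine": "mysql",
         "StorageEncrypted": False},
    ]},
    {"DBInstances": [
        {"DBInstanceIdentifier": "reporting-replica", "Engine": "mysql"},  # flag absent
    ]},
]

if __name__ == "__main__":
    for f in find_unencrypted_instances(SAMPLE_PAGES):
        print(f"NON-COMPLIANT: {f['DBInstanceIdentifier']} ({f['Engine']}) is not encrypted at rest")
```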
