Medium RDS Regional

RDS cluster snapshots and database snapshots should be encrypted at rest

NIST, ISO 27001, HIPAA

Description

Checks whether the RDS cluster snapshots and database snapshots are encrypted at rest.


Remediation

To ensure RDS cluster snapshots and database snapshots are encrypted at rest, follow these steps:

Steps

  1. Sign in to the AWS Management Console and open the Amazon RDS console.
  2. In the navigation pane, choose 'Snapshots'.
  3. Select the snapshot you want to encrypt.
  4. Choose 'Actions', then select 'Copy Snapshot'.
  5. In the 'Copy DB Snapshot' or 'Copy DB Cluster Snapshot' section, for 'Encryption', choose 'Enable Encryption'.
  6. For 'Master Key', select the KMS key to use for encryption.
  7. Provide a name for the new snapshot in the 'New DB Snapshot Identifier' or 'New DB Cluster Snapshot Identifier' field.
  8. Choose 'Copy Snapshot'.
  9. After the snapshot is copied, it will be encrypted with the specified KMS key.
  10. Optionally, modify your RDS instance settings to ensure all future snapshots are encrypted by default.
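The copy-with-encryption procedure above, scripted for many snapshots at once. This is an added example, not part of the original page. It assumes boto3's RDS client methods `copy_db_snapshot` and `copy_db_cluster_snapshot`; the KMS alias, the sample records and the helper names (`target_id`, `plan_copies`, `apply_plan`) are constructed for illustration.

```python
import re

KMS_KEY_ID = "alias/example-rds-snapshots"  # placeholder, not from the page

# Constructed sample records, shaped like describe_db_snapshots /
# describe_db_cluster_snapshots output (trimmed to the fields used here).
DB_SNAPSHOTS = [
    {"DBSnapshotIdentifier": "rds:orders-db-2024-05-01-03-10", "Encrypted": False, "Status": "available"},
    {"DBSnapshotIdentifier": "orders-manual", "Encrypted": True, "Status": "available"},
    {"DBSnapshotIdentifier": "billing-manual", "Encrypted": False, "Status": "creating"},
]
CLUSTER_SNAPSHOTS = [
    {"DBClusterSnapshotIdentifier": "aurora-prod-weekly", "StorageEncrypted": False, "Status": "available"},
]

def target_id(source_id, suffix="-encrypted"):
    """Build a valid target identifier: letters, digits and single hyphens,
    starting with a letter (automated snapshots are named 'rds:...')."""
    name = re.sub(r"[^A-Za-z0-9]+", "-", source_id + suffix).strip("-")
    if not name[0].isalpha():
        name = "snap-" + name
    return name[:255].rstrip("-")

def plan_copies(db_snapshots, cluster_snapshots, kms_key_id):
    """Return (boto3 RDS method name, kwargs) for each unencrypted snapshot
    that is in the 'available' state and can therefore be copied."""
    kinds = [  # (records, encryption flag, identifier field, client method)
        (db_snapshots, "Encrypted", "DBSnapshotIdentifier", "copy_db_snapshot"),
        (cluster_snapshots, "StorageEncrypted", "DBClusterSnapshotIdentifier",
         "copy_db_cluster_snapshot"),
    ]
    plan = []
    for records, flag, id_field, method in kinds:
        for snap in records:
            if snap.get(flag) or snap.get("Status") != "available":
                continue  # already encrypted, or not yet copyable
            src = snap[id_field]
            plan.append((method, {"Source" + id_field: src,
                                  "Target" + id_field: target_id(src),
                                  "KmsKeyId": kms_key_id}))
    return plan

def apply_plan(plan, rds_client):
    """Run the plan with a real client, e.g. boto3.client('rds')."""
    return [getattr(rds_client, method)(**kwargs) for method, kwargs in plan]

if __name__ == "__main__":
    for method, kwargs in plan_copies(DB_SNAPSHOTS, CLUSTER_SNAPSHOTS, KMS_KEY_ID):
        print(method, kwargs)
```

Review the printed plan before passing it to `apply_plan`; the copy call creates a new encrypted snapshot and leaves the source snapshot in place.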

Compliance

NIST, ISO 27001, HIPAA