Not all data stored in Aurora is securely encrypted at rest
Description
This policy checks that encryption is set up on the aws_rds_cluster resource by examining its storage_encrypted property.
Fix - Runtime
AWS Console
TBA
CLI Command
Fix - Buildtime
Terraform
- **Resource:** aws_rds_cluster
- **Argument:** storage_encrypted
```go aws_rds_cluster.test.tf
resource "aws_rds_cluster" "example" {
  ...
  cluster_identifier = "aurora-cluster-demo"
+ storage_encrypted  = true
  ...
}
```
## CloudFormation
- **Resource:** AWS::RDS::DBCluster
- **Argument:** Properties.StorageEncrypted
```yaml
Resources:
  Aurora:
    Type: 'AWS::RDS::DBCluster'
    Properties:
      ...
      Engine: 'aurora'
+     StorageEncrypted: true
      ...
```
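The same check can be run before deployment against a Terraform plan exported with `terraform show -json` or against a parsed CloudFormation template. The following is an added example, not code from the policy's own implementation; the function names and sample documents are constructed for illustration. It is deliberately strict: a cluster is reported unless the property is literally true, so missing, computed or parameterised values are flagged for review.

```python
import json

# Constructed sample: trimmed `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "aws_rds_cluster.example", "type": "aws_rds_cluster",
     "values": {"cluster_identifier": "aurora-cluster-demo", "storage_encrypted": true}},
    {"address": "aws_rds_cluster.legacy", "type": "aws_rds_cluster",
     "values": {"cluster_identifier": "legacy", "storage_encrypted": false}}],
  "child_modules": [{"address": "module.db", "resources": [
    {"address": "module.db.aws_rds_cluster.this", "type": "aws_rds_cluster",
     "values": {"cluster_identifier": "reports"}}]}]}}}
""")

# Constructed sample: a CloudFormation template after YAML/JSON parsing.
SAMPLE_TEMPLATE = {"Resources": {
    "Aurora": {"Type": "AWS::RDS::DBCluster",
               "Properties": {"Engine": "aurora", "StorageEncrypted": True}},
    "Reports": {"Type": "AWS::RDS::DBCluster", "Properties": {"Engine": "aurora"}},
    "Bucket": {"Type": "AWS::S3::Bucket"}}}


def _walk(module):
    """Yield every resource in a plan module, including nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from _walk(child)


def unencrypted_tf_clusters(plan):
    """Addresses of aws_rds_cluster resources whose storage_encrypted is not true."""
    root = plan.get("planned_values", {}).get("root_module", {})
    return [r["address"] for r in _walk(root)
            if r.get("type") == "aws_rds_cluster"
            and (r.get("values") or {}).get("storage_encrypted") is not True]


def unencrypted_cfn_clusters(template):
    """Logical IDs of AWS::RDS::DBCluster resources lacking StorageEncrypted: true."""
    return [name for name, res in template.get("Resources", {}).items()
            if res.get("Type") == "AWS::RDS::DBCluster"
            and str((res.get("Properties") or {}).get("StorageEncrypted")).lower() != "true"]


if __name__ == "__main__":
    print("Terraform:", unencrypted_tf_clusters(SAMPLE_PLAN))
    print("CloudFormation:", unencrypted_cfn_clusters(SAMPLE_TEMPLATE))
```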