Not all data stored in Aurora is securely encrypted at rest
Description
This policy examines each aws_rds_cluster resource and checks its storage_encrypted property to confirm that encryption at rest is set up.
Fix - Runtime
AWS Console
TBA
CLI Command
Fix - Buildtime
Terraform
- Resource: aws_rds_cluster
- Argument: storage_encrypted
resource "aws_rds_cluster" "example" {
  ...
  cluster_identifier = "aurora-cluster-demo"
+ storage_encrypted  = true
  ...
}
CloudFormation
- Resource: AWS::RDS::DBCluster
- Argument: Properties.StorageEncrypted
Resources:
  Aurora:
    Type: 'AWS::RDS::DBCluster'
    Properties:
      ...
      Engine: 'aurora'
+     StorageEncrypted: true
      ...