RDS instances are publicly accessible

Description

AWS RDS is a managed DB service enabling quick deployment and management of MySQL, MariaDB, PostgreSQL, Oracle, and Microsoft SQL Server DB engines.

We recommend you encrypt RDS instances as an additional layer of protection for data against unauthorized access to its storage. RDS native encryption helps protect your applications deployed in the cloud and makes it easier to fulfill compliance requirements for data-at-rest encryption.

Fix - Runtime

AWS Console

To change the policy using the AWS Console, follow these steps:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com/.
  2. Open the Amazon RDS console.
  3. On the navigation pane, click Snapshots.
  4. Select the snapshot to encrypt.
  5. Navigate to Snapshot Actions, select Copy Snapshot.
  6. Select your Destination Region, then enter your New DB Snapshot Identifier.
  7. Set Enable Encryption to Yes.
  8. Select your Master Key from the list, then select Copy Snapshot.
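
The same snapshot copy can be scripted. The following is an added example, not code from the original page: it lists snapshots whose `Encrypted` flag is false and performs steps 5 to 8 as a single same-region `copy_db_snapshot` call, then checks that the copy came back encrypted. The snapshot names, the `alias/example-rds-key` key alias and the `FakeRDS` stand-in are constructed for illustration; against a real account, pass `boto3.client("rds")` instead.

```python
import re

# Constructed sample shaped like the "DBSnapshots" list from describe_db_snapshots.
SAMPLE_SNAPSHOTS = [
    {"DBSnapshotIdentifier": "orders-2024-01", "SnapshotType": "manual", "Encrypted": False},
    {"DBSnapshotIdentifier": "orders-2024-02", "SnapshotType": "manual", "Encrypted": True},
    {"DBSnapshotIdentifier": "rds:orders-2024-03", "SnapshotType": "automated", "Encrypted": False},
]
# Snapshot identifiers: start with a letter, letters/digits/hyphens only,
# no trailing hyphen, no two hyphens in a row, at most 255 characters.
_VALID_ID = re.compile(r"[A-Za-z](?:-?[A-Za-z0-9])*")


def unencrypted_snapshots(snapshots):
    """Identifiers of snapshots whose Encrypted flag is absent or false."""
    return [s["DBSnapshotIdentifier"] for s in snapshots if not s.get("Encrypted")]


def copy_encrypted(rds, source_id, kms_key_id, target_id):
    """Steps 5-8 of the console procedure as one CopyDBSnapshot call."""
    if len(target_id) > 255 or not _VALID_ID.fullmatch(target_id):
        raise ValueError(f"invalid target snapshot identifier: {target_id!r}")
    resp = rds.copy_db_snapshot(
        SourceDBSnapshotIdentifier=source_id,
        TargetDBSnapshotIdentifier=target_id,
        KmsKeyId=kms_key_id,  # supplying a key is what makes the copy encrypted
        CopyTags=True,
    )
    snap = resp["DBSnapshot"]
    if not snap.get("Encrypted"):
        raise RuntimeError(f"{target_id} was created without encryption")
    return snap


class FakeRDS:
    """Constructed stand-in for boto3.client("rds") so the example runs offline."""
    def __init__(self):
        self.calls = []

    def copy_db_snapshot(self, **kwargs):
        self.calls.append(kwargs)
        return {"DBSnapshot": {"DBSnapshotIdentifier": kwargs["TargetDBSnapshotIdentifier"],
                               "Encrypted": True, "KmsKeyId": kwargs["KmsKeyId"]}}


if __name__ == "__main__":
    rds = FakeRDS()  # replace with boto3.client("rds") against a real account
    for sid in unencrypted_snapshots(SAMPLE_SNAPSHOTS):
        target = sid.replace("rds:", "") + "-encrypted"  # automated ids contain ':'
        print(copy_encrypted(rds, sid, "alias/example-rds-key", target))
```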