encrypt-instance-storage-data
Default Severity: high
Explanation
Encryption should be enabled for RDS database instances.
When enabling encryption by setting the kms_key_id.
Possible Impact
Data can be read from RDS instances if compromised
Suggested Resolution
Enable encryption for RDS instances
Insecure Example
The following example will fail the aws-rds-encrypt-instance-storage-data check.
resource "aws_db_instance" "bad_example" {
}
Secure Example
The following example will pass the aws-rds-encrypt-instance-storage-data check.
resource "aws_db_instance" "good_example" {
  storage_encrypted = true
}