AWS-024 Amazon Web Services (AWS)

RDS instances are encrypted at rest.

RDS instances are encrypted at rest.

Domain
Amazon Web Services (AWS)
Area
Data Protection
Automated / manual
Automated

Risk if it fails

Unencrypted databases expose all records on storage access.

A database is where the crown jewels live. If its storage is unencrypted, a single leaked snapshot hands the attacker every customer record.

How Tess tests it

1 test — each concludes only on cited evidence.

RDS instances are encrypted at rest.

Automated
Procedure
List RDS instances and confirm StorageEncrypted=true.

Read-only command 

aws rds describe-db-instances --query 'DBInstances[].{Id:DBInstanceIdentifier,Enc:StorageEncrypted}'

More in Amazon Web Services (AWS)

AWS-001 Root account MFA is enabled. AWS-002 No access keys exist on the root account. AWS-003 Root account is not used for day-to-day activity. AWS-004 Strong IAM password policy is enforced.

Want Tess to test AWS-024 against your evidence?

Book a demo