Severity Framework
CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Snyk CCSS
Rule category
Each rule is associated with a high-level category. For example IAM, Container, Monitoring, Logging, Network, etc.
Data/ Encryption at Rest
Is your environment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsFrameworks
CIS-AWSCIS-ControlsCSA-CCMGDPRHIPAAISO-27001NIST-800-53SOC-2
- Snyk IDSNYK-CC-00248
- creditSnyk Research Team
Description
RDS cluster does not have encryption at rest enabled, which means data is stored on cluster in plaintext.
How to fix?
Ensure that the storage_encrypted attribute is set to true.
Example configuration:
resource "aws_rds_global_cluster" "example" {
storage_encrypted = true
# other required fields here
}
Ensure that the StorageEncrypted property is set to true.
Example configuration:
Type: AWS::RDS::GlobalCluster
Properties:
StorageEncrypted: 'true'
# other required properties