CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Each rule is associated with a high-level category. For example IAM, Container, Monitoring, Logging, Network, etc.
Is your environment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-CC-00333
- creditSnyk Research Team
Description
Encrypting your DB cluster data at rest provides an extra layer of protection against unauthorized access. You can supply your own customer managed KMS key to use for encryption, or RDS can use an AWS managed key which is created automatically. RDS clusters can only be encrypted at the time of creation.
How to fix?
Set the aws_rds_cluster storage_encrypted field to true.
If encrypting with a customer managed KMS
key, kms_key_id should be set to the KMS key ARN.
The storage_encrypted setting can only be enabled at the time the cluster is
created. If you have an existing cluster that is not encrypted, you will need
to recreate it from scratch or from an encrypted copy of an RDS snapshot.
Example Configuration
resource "aws_rds_cluster" "default" {
storage_encrypted = true
# other required fields here
}
Set Properties.StorageEncrypted attribute to true.