Best practices

RDS database cluster snapshot is not using customer-managed KMS keys

Risk Level

Informational (4)

Platform(s)

Description

RDS database cluster snapshots are backups of RDS clusters and can be used to restore a cluster. RDS database cluster snapshot '{AwsRdsDbClusterSnapshot}' is encrypted using the default AWS-managed KMS key (key id: '{AwsRdsDbClusterSnapshot.KmsKey.KeyId}'). Cluster snapshots should be encrypted using a customer-managed KMS key to enable more control over the key.
Recommended Mitigation

We recommend encrypting RDS cluster snapshots with a customer-managed KMS key to enable more control over the keys.
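
One way to run this check and apply the mitigation with boto3, as an added example that is not part of the original rule: it asks KMS whether each snapshot's key is AWS-managed and, because the key of an existing snapshot cannot be changed, re-encrypts by copying the snapshot under a customer-managed key. The function names, the FakeRDS/FakeKMS stand-ins and the sample identifiers are constructed for illustration; with real clients, pass boto3.client("rds") and boto3.client("kms") instead.

```python
def find_aws_managed_snapshots(rds, kms):
    """Return [(snapshot_id, key_id)] for encrypted snapshots on an AWS-managed key."""
    findings, manager = [], {}
    for page in rds.get_paginator("describe_db_cluster_snapshots").paginate():
        for snap in page["DBClusterSnapshots"]:
            key_id = snap.get("KmsKeyId")
            if not snap.get("StorageEncrypted") or not key_id:
                continue  # unencrypted snapshots are a separate finding
            if key_id not in manager:  # one DescribeKey call per distinct key
                meta = kms.describe_key(KeyId=key_id)["KeyMetadata"]
                manager[key_id] = meta["KeyManager"]  # "AWS" or "CUSTOMER"
            if manager[key_id] == "AWS":
                findings.append((snap["DBClusterSnapshotIdentifier"], key_id))
    return findings

def copy_under_cmk(rds, snapshot_id, cmk_arn, suffix="-cmk"):
    """Copy a snapshot under cmk_arn and return the copy's identifier."""
    # Automated snapshots are named "rds:<name>"; ":" is invalid in a target id.
    target = snapshot_id.split(":")[-1] + suffix
    resp = rds.copy_db_cluster_snapshot(
        SourceDBClusterSnapshotIdentifier=snapshot_id,
        TargetDBClusterSnapshotIdentifier=target,
        KmsKeyId=cmk_arn,
        CopyTags=True,
    )
    return resp["DBClusterSnapshot"]["DBClusterSnapshotIdentifier"]

# Constructed stand-ins for the boto3 RDS and KMS clients (no AWS calls are made).
class FakeRDS:
    def __init__(self, snaps):
        self.snaps = snaps
    def get_paginator(self, name):
        return self
    def paginate(self):
        return [{"DBClusterSnapshots": self.snaps}]
    def copy_db_cluster_snapshot(self, **kw):
        new_id = kw["TargetDBClusterSnapshotIdentifier"]
        return {"DBClusterSnapshot": {"DBClusterSnapshotIdentifier": new_id}}

class FakeKMS:
    def __init__(self, managers):
        self.managers = managers
    def describe_key(self, KeyId):
        return {"KeyMetadata": {"KeyManager": self.managers[KeyId]}}

if __name__ == "__main__":
    snap = {"DBClusterSnapshotIdentifier": "rds:demo", "StorageEncrypted": True,
            "KmsKeyId": "k-aws"}  # constructed sample snapshot
    rds = FakeRDS([snap])
    for sid, key in find_aws_managed_snapshots(rds, FakeKMS({"k-aws": "AWS"})):
        print(sid, "uses", key, "-> copy:", copy_under_cmk(rds, sid, "k-cmk"))
```

The copy is a new snapshot; the original encrypted with the AWS-managed key remains until it is deleted.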