Best practices

RDS database cluster snapshot is not using customer-managed KMS keys

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

RDS database cluster snapshots are backups for RDS clusters and can be used to restore a cluster. RDS database cluster snapshot '{AwsRdsDbClusterSnapshot}' is encrypted using the default AWS-managed KMS key (key id: '{AwsRdsDbClusterSnapshot.KmsKey.KeyId}'). Cluster snapshots should be encrypted using a customer-managed KMS key in order to enable more control over the key

  • Recommended Mitigation

    We recommend to encrypt RDS cluster snapshots with customer-managed KMS key, to enable more control over the keys

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.