Best practices

RDS database instance snapshot is not using customer-managed KMS keys

Risk Level

Informational (4)

Platform(s)

Description

RDS database instance snapshot {AwsRdsDbInstanceSnapshot} is encrypted using the default AWS-managed KMS key
  • Recommended Mitigation

    We recommend to encrypt RDS instance snapshots with customer-managed KMS key, to enable more control over the keys