AWS RDS Performance Insights should be encrypted

• GG_ID: GG_IAC_0058
• Severity: HIGH
• Complexity: LOW
• Categories: DATA, PERMISSION
• Providers: AWS
• Potential data exposure: True
• Visible in logs: False
• User interaction required: False
• Privileges required: True

Description

Amazon Relational Database Service (Amazon RDS) is a web service that makes it easier to set up, operate, and scale a relational database in the AWS Cloud. Performance Insights expands on existing Amazon RDS monitoring features to illustrate and help analyze database performance.

The data should always be encrypted at rest and in transit to protect the data if accesses are compromised.

Impact

Not encrypting data could lead to data leak in case of an attack.

Remediation guidelines

Enable encryption for RDS Performance insights, providing a KMS key.

External documentation

• Overview of Performance Insights on Amazon RDS
• Turning Performance Insights on and off (and set up encryption)