AWS RDS Performance Insights should be encrypted

  • GG_ID: GG_IAC_0058
  • Severity: HIGH
  • Complexity: LOW
  • Categories: DATA, PERMISSION
  • Providers: AWS
  • Potential data exposure: True
  • Visible in logs: False
  • User interaction required: False
  • Privileges required: True

Description

Amazon Relational Database Service (Amazon RDS) is a web service that makes it easier to set up, operate, and scale a relational database in the AWS Cloud. Performance Insights expands on existing Amazon RDS monitoring features to illustrate and help analyze database performance.

This data should always be encrypted at rest and in transit so that it remains protected if access is compromised.

Impact

Not encrypting data could lead to a data leak in the event of an attack.

Remediation guidelines

Enable encryption for RDS Performance Insights by providing a KMS key.
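
The remediation expressed in Terraform, as an added example that is not part of the original policy page. It assumes the AWS provider's `aws_db_instance` resource; all resource names, identifiers and sizes are constructed placeholders, and the first instance shows the form this policy is assumed to flag.

```hcl
# Constructed example: names, sizes and identifiers are placeholders.

# Customer-managed KMS key dedicated to Performance Insights data.
resource "aws_kms_key" "rds_pi" {
  description         = "Encrypts RDS Performance Insights data"
  enable_key_rotation = true
}

# Before: Performance Insights is enabled, but no KMS key is provided.
resource "aws_db_instance" "before" {
  identifier                  = "example-db-before"
  engine                      = "postgres"
  instance_class              = "db.t3.medium"
  allocated_storage           = 20
  username                    = "exampleadmin"
  manage_master_user_password = true
  skip_final_snapshot         = true

  performance_insights_enabled = true
}

# After: the same instance with a KMS key provided for Performance Insights.
resource "aws_db_instance" "after" {
  identifier                  = "example-db-after"
  engine                      = "postgres"
  instance_class              = "db.t3.medium"
  allocated_storage           = 20
  username                    = "exampleadmin"
  manage_master_user_password = true
  skip_final_snapshot         = true

  performance_insights_enabled          = true
  performance_insights_kms_key_id       = aws_kms_key.rds_pi.arn # must be the key ARN
  performance_insights_retention_period = 7
}
```

The provider documents that the Performance Insights KMS key cannot be changed once it has been set, so choose the key before the first apply.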

External documentation