Ensure your RDS instances are encrypted at rest using a customer managed key (CMK)

Ensure that your RDS database instances are encrypted at rest using a customer managed key (CMK) in AWS KMS. This is considered a security best practice and should always be done. Ensuring this is enabled will help with NIST and PCI-DSS compliance.

Audit & Remediation

 

 

  • Select the DB Identifier hyperlink for the database instance you would like to check.
  • Under Configuration, check whether Encryption under Storage is set to Not Enabled or aws/rds.

  • At the top right corner of this page, select Actions and then select the Take snapshot button.
  • Create a unique name for your snapshot so you can easily locate it at a later stage.

 

 

  • On the left panel for Amazon RDS navigate to Snapshots.
  • Select the Snapshot you created in the previous step.
  • At the top right corner, select the Actions drop down menu and select Copy snapshot.

 

 

  • Under Settings create a unique name for your New DB Snapshot Identifier.
  • Under Encryption, select Enable Encryption and choose the Master key you wish to encrypt with. It must not be the default aws/rds key.
  • Select the button Copy snapshot.

 

 

  • On the left panel for Amazon RDS navigate to Snapshots.
  • Select the Snapshot you created in the previous step.
  • At the top right corner, select the Actions drop down menu and select Restore snapshot.

 

 

  • Under Settings put in the name of the DB Instance identifier that you will restore to (new database instance).

 

 

  • After your new database has been restored, update your connection strings to point to the new database.
  • Once all connections have been updated to the new database, power down the original database.
  • Once you have validated that all connections are now using the new database, it is OK to delete the old, powered-down database.
  • Repeat the outlined steps for each RDS instance that you have.
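
The audit check above can be run across many instances at once. The following is an added example, not part of the original page: it classifies instances from data shaped like the boto3 `describe_db_instances` and `list_aliases` responses. The function names and the sample account, key IDs and instance names are assumptions constructed for illustration.

```python
# Added example: classify RDS instances by encryption-at-rest key type.
# Inputs mirror boto3 rds.describe_db_instances / kms.list_aliases items.

def classify_instances(db_instances, kms_aliases):
    """Map DBInstanceIdentifier -> NOT_ENCRYPTED | AWS_MANAGED_KEY | CUSTOMER_MANAGED_KEY."""
    # Key IDs behind the AWS managed alias (shown as aws/rds in the console).
    aws_rds_key_ids = {a["TargetKeyId"] for a in kms_aliases
                       if a.get("AliasName") == "alias/aws/rds" and "TargetKeyId" in a}
    findings = {}
    for db in db_instances:
        name = db["DBInstanceIdentifier"]
        if not db.get("StorageEncrypted", False):
            findings[name] = "NOT_ENCRYPTED"
            continue
        # KmsKeyId on an instance is a key ARN; the key ID is its last segment.
        key_id = db.get("KmsKeyId", "").rsplit("/", 1)[-1]
        findings[name] = ("AWS_MANAGED_KEY" if key_id in aws_rds_key_ids
                          else "CUSTOMER_MANAGED_KEY")
    return findings

def needs_remediation(findings):
    """Instances that still need the snapshot, copy, restore procedure."""
    return sorted(n for n, s in findings.items() if s != "CUSTOMER_MANAGED_KEY")

def fetch_live(region):
    """Collect both inputs from one region (needs boto3 and AWS credentials)."""
    import boto3  # imported lazily so the offline sample runs without it
    rds = boto3.client("rds", region_name=region)
    kms = boto3.client("kms", region_name=region)
    dbs = [d for page in rds.get_paginator("describe_db_instances").paginate()
           for d in page["DBInstances"]]
    aliases = [a for page in kms.get_paginator("list_aliases").paginate()
               for a in page["Aliases"]]
    return dbs, aliases

# Constructed sample data (account ID, key IDs and instance names are made up).
ARN = "arn:aws:kms:us-east-1:111122223333:key/"
SAMPLE_ALIASES = [
    {"AliasName": "alias/aws/rds", "TargetKeyId": "11111111-1111-1111-1111-111111111111"},
    {"AliasName": "alias/rds-prod-cmk", "TargetKeyId": "22222222-2222-2222-2222-222222222222"},
]
SAMPLE_DBS = [
    {"DBInstanceIdentifier": "orders-db", "StorageEncrypted": False},
    {"DBInstanceIdentifier": "users-db", "StorageEncrypted": True,
     "KmsKeyId": ARN + "11111111-1111-1111-1111-111111111111"},
    {"DBInstanceIdentifier": "billing-db", "StorageEncrypted": True,
     "KmsKeyId": ARN + "22222222-2222-2222-2222-222222222222"},
]

if __name__ == "__main__":
    print(needs_remediation(classify_instances(SAMPLE_DBS, SAMPLE_ALIASES)))
```

KMS aliases are regional, so `fetch_live` must be called once per region and its two results passed together to `classify_instances`.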