Using unencrypted RDS DB resources exposes data to unauthorized access. +
This includes database data, logs, automatic backups, read replicas, snapshots,
and cluster metadata.

This situation can occur in a variety of scenarios, such as:

* A malicious insider working at the cloud provider gains physical access to the storage device.
* Unknown attackers penetrate the cloud provider's logical infrastructure and systems.

After a successful intrusion, the underlying applications are exposed to:

* theft of intellectual property and/or personal data
* extortion
* denial of services and security bypasses via data corruption or deletion

AWS-managed encryption at rest reduces this risk with a simple switch.