2305a03968
## Review A dedicated reviewer checked the rule description successfully for: - [x] logical errors and incorrect information - [x] information gaps and missing content - [x] text style and tone - [x] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)
17 lines
712 B
Plaintext
17 lines
712 B
Plaintext
Using unencrypted RDS DB resources exposes data to unauthorized access. +
|
|
This includes database data, logs, automatic backups, read replicas, snapshots,
|
|
and cluster metadata.
|
|
|
|
This situation can occur in a variety of scenarios, such as:
|
|
|
|
* A malicious insider working at the cloud provider gains physical access to the storage device.
|
|
* Unknown attackers penetrate the cloud provider's logical infrastructure and systems.
|
|
|
|
After a successful intrusion, the underlying applications are exposed to:
|
|
|
|
* theft of intellectual property and/or personal data
|
|
* extortion
|
|
* denial of services and security bypasses via data corruption or deletion
|
|
|
|
AWS-managed encryption at rest reduces this risk with a simple switch.
|