12 lines
556 B
Plaintext
12 lines
556 B
Plaintext
Using unencrypted RDS DB resources exposes data to unauthorized access to the
|
|
underlying storage. +
|
|
This includes database data, logs, automatic backups, read replicas, snapshots,
|
|
and cluster metadata.
|
|
|
|
This situation can occur in a variety of scenarios, such as:
|
|
|
|
* a malicious insider working at the cloud provider gains physical access to the storage device and exfiltrates data.
|
|
* unknown attackers penetrate the cloud provider's logical infrastructure and systems for extortion.
|
|
|
|
AWS-managed encryption at rest reduces this risk with a simple switch.
|