Amazon RDS
Overview
Critical
2High
0Medium
1Low
0Informational
0Security issues (3)
Severity | Non-Compliance | Region | Resource | Issue | Remediation | Read more | Action |
---|---|---|---|---|---|---|---|
Critical | PCI DSS 3.5 HIPAA (Encryption) | us-east-1 | database-1-final-snapshot | RDS DB snapshot has no encryption. | To ensure the data is encrypted at rest, copy the non-encrypted snapshot into a new one. Select Enable Encryption option to make sure the copy is encrypted. | More info | |
Critical | PCI DSS 3.5 HIPAA (Encryption) | us-east-1 | test | RDS DB snapshot has no encryption. | To ensure the data is encrypted at rest, copy the non-encrypted snapshot into a new one. Select Enable Encryption option to make sure the copy is encrypted. | More info | |
Medium | — | us-east-1 | test-encrypted | RDS snapshot uses an encryption key "0e84f319-3c54-4544-aa77-0b06e916cfd7", which is not a recommended KMS customer-managed key, but an AWS default key "aws/rds". | When a new RDS snapshot is created, make sure it uses KMS customer-managed keys. | More info |
Databases (0)
Cluster | Region | DB identifier | Type | Engine | Region & AZ | Size | Status | VPC | Security issues |
---|
Snapshots (3)
Region | Snapshot name | DB instance or cluster | Snapshot creation time | DB Instance created time | Status | Engine | VPC | Snapshot type | Security issues |
---|---|---|---|---|---|---|---|---|---|
us-east-1 | database-1-final-snapshot | database-1 | Available | MySQL | — | manual | 1 Critical (details) | ||
us-east-1 | test | database-1 | Available | MySQL | — | manual | 1 Critical (details) | ||
us-east-1 | test-encrypted | database-1 | Available | MySQL | — | manual | 1 Medium (details) |
Parameter groups (6)
Region | Name | Family | Type | Description | Security issues |
---|---|---|---|---|---|
us-east-1 | default.aurora-mysql5.7 | aurora-mysql5.7 | Parameter groups | Default parameter group for aurora-mysql5.7 | — |
us-east-1 | default.mysql8.0 | mysql8.0 | Parameter groups | Default parameter group for mysql8.0 | — |
us-east-1 | default.aurora-mysql5.7 | aurora-mysql5.7 | DB cluster parameter group | Default cluster parameter group for aurora-mysql5.7 | — |
us-east-2 | default.aurora-mysql5.7 | aurora-mysql5.7 | Parameter groups | Default parameter group for aurora-mysql5.7 | — |
us-east-2 | default.mariadb10.4 | mariadb10.4 | Parameter groups | Default parameter group for mariadb10.4 | — |
us-east-2 | default.aurora-mysql5.7 | aurora-mysql5.7 | DB cluster parameter group | Default cluster parameter group for aurora-mysql5.7 | — |