There is no encryption specified or encryption is disabled on the RDS Cluster.
| Property | |
|---|---|
| Language | |
| Severity | |
| Service | rds |
| Provider | AWS |
| Vulnerability Type | omission |
Description
The RDS Aurora cluster is configured without storage encryption enabled or without specifying a KMS key, leaving data at rest unprotected. This misconfiguration allows data to be stored in plaintext on disk.
Impact
If the RDS cluster is compromised, attackers could access and read unencrypted database files, exposing sensitive application or customer data and potentially violating compliance requirements.
Resolution
Enable encryption for RDS clusters.
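To find clusters that still need this fix, the following added example (not part of the original rule or of any scanner's own code) audits JSON shaped like the output of `aws rds describe-db-clusters`. The sample data, the cluster names, and the `APPROVED_KEYS` policy set are constructed assumptions; `StorageEncrypted` and `KmsKeyId` are the fields the RDS API reports for each cluster.

```python
import json

# Constructed sample shaped like `aws rds describe-db-clusters` output (not real resources).
SAMPLE = json.loads("""
{"DBClusters": [
  {"DBClusterIdentifier": "orders-prod", "Engine": "aurora-mysql",
   "StorageEncrypted": true,
   "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-APPROVED-KEY"},
  {"DBClusterIdentifier": "reports-dev", "Engine": "aurora-postgresql",
   "StorageEncrypted": false},
  {"DBClusterIdentifier": "legacy-app", "Engine": "aurora-mysql",
   "StorageEncrypted": true,
   "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-OTHER-KEY"},
  {"DBClusterIdentifier": "scratch", "Engine": "aurora-mysql"}
]}
""")

# Hypothetical policy: KMS key ARNs this organisation accepts for RDS storage.
APPROVED_KEYS = {"arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-APPROVED-KEY"}


def audit_clusters(response, approved_keys=frozenset()):
    """Return (cluster_id, finding) tuples for clusters failing the encryption rule."""
    findings = []
    for cluster in response.get("DBClusters", []):
        cid = cluster.get("DBClusterIdentifier", "<unknown>")
        # A missing field is treated like False: nothing states the data is encrypted.
        if cluster.get("StorageEncrypted") is not True:
            findings.append((cid, "storage encryption disabled or not specified"))
            continue
        key = cluster.get("KmsKeyId")
        if not key:
            findings.append((cid, "encrypted but no KMS key reported"))
        elif approved_keys and key not in approved_keys:
            findings.append((cid, "encrypted with a KMS key outside the approved set"))
    return findings


if __name__ == "__main__":
    for cid, finding in audit_clusters(SAMPLE, APPROVED_KEYS):
        print(f"{cid}: {finding}")
```

Encryption is chosen when a cluster is created, so an existing unencrypted cluster has to be restored from a snapshot into a new encrypted cluster rather than switched in place.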