RDS Cluster Snapshot not Encrypted

Tenacity Id

Risk Level




Last Updated:

April 21, 2022

RDS cluster snapshots that are unencrypted. Relational Database Service (RDS) snapshots are encrypted-at-rest when the RDS instance is configured with encryption. Once RDS is encrypted the data is encrypted-at-rest and traffic inside the instance as well as all snapshots created from the instance are encrypted. RDS clusters are not encrypted by default. RDS encryption should be enabled on all RDS instances to ensure the snapshots are encrypted as well.