79343542

Date: 2025-01-09 17:41:05
Score: 2
Natty:
Report link

I found this article that shows how to do the encryption part. https://medium.com/@mattgillard/how-to-enforce-encryption-on-aws-rds-the-correct-way-4c55251ce40e

{
  "Version": "2012-10-17",
  "Statement": [
{
      "Action": [
        "rds:CreateDBInstance"
      ],
      "Condition": {
        "StringNotLike": {
          "rds:DatabaseEngine": "aurora*"
        },
        "Bool": {
          "rds:StorageEncrypted": "false"
        }
      },
      "Effect": "Deny",
      "Resource": [
        "*"
      ],
      "Sid": "DenyUnencyptedRDS"
    },
    {
      "Sid": "DenyUnencyptedAurora",
      "Effect": "Deny",
      "Action": [
        "rds:CreateDBCluster"
      ],
      "Resource": [
        "*"
      ],
      "Condition": {
        "Bool": {
          "rds:StorageEncrypted": "false"
        }
      }
    }
  ]
}
Reasons:
  • Blacklisted phrase (1): this article
  • Blacklisted phrase (0.5): medium.com
  • Probably link only (1):
  • Long answer (-0.5):
  • Has code block (-0.5):
  • Low reputation (0.5):
Posted by: toppledwagon