Amazon Relational Database Service (RDS) allows to easily host and manage a relational database in the cloud. RDS databases can be encrypted, ensuring the security of data-at-rest. In the case that adversaries gain physical access to the storage medium they are not able to access the data.
There is a risk if you answered yes to any of those questions.
It’s recommended to encrypt databases that contain sensitive information. Encryption and decryption are handled transparently by RDS, so no further modifications to the application are necessary.
For aws_cdk.aws_rds.DatabaseCluster and aws_cdk.aws_rds.DatabaseInstance:
from aws_cdk import (
aws_rds as rds
)
class DatabaseStack(Stack):
def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
rds.DatabaseCluster( # Sensitive, unencrypted by default
self,
"example"
)
For aws_cdk.aws_rds.CfnDBCluster and aws_cdk.aws_rds.CfnDBInstance:
from aws_cdk import (
aws_rds as rds
)
class DatabaseStack(Stack):
def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
rds.CfnDBCluster( # Sensitive, unencrypted by default
self,
"example"
)
For aws_cdk.aws_rds.DatabaseCluster and aws_cdk.aws_rds.DatabaseInstance:
from aws_cdk import (
aws_rds as rds
)
class DatabaseStack(Stack):
def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
rds.DatabaseCluster(
self,
"example",
storage_encrypted=True
)
For aws_cdk.aws_rds.CfnDBCluster and aws_cdk.aws_rds.CfnDBInstance:
from aws_cdk import (
aws_rds as rds
)
class DatabaseStack(Stack):
def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
rds.CfnDBCluster(
self,
"example",
storage_encrypted=True
)