AWS Cluster Snapshot Unencrypted
Description
Detects AWS RDS database cluster snapshots that are not encrypted at rest. Unencrypted RDS cluster snapshots can expose sensitive database contents if the snapshot storage is compromised, putting data confidentiality at risk.
Detection Strategy
• Checks each RDS cluster snapshot in the AWS account and region
• Reports a vulnerability if a snapshot has StorageEncrypted set to false
• For each unencrypted snapshot, captures the snapshot ARN and encryption status in the vulnerability report
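The check described above, as an added example that is not Fluid Attacks' scanner code. The function names, sample ARNs and account ID are constructed for illustration, and treating a missing StorageEncrypted field as a finding is an assumption of this example.

```python
"""Added example: flag unencrypted RDS cluster snapshots (illustrative, not the vendor's code)."""

# Constructed sample pages shaped like DescribeDBClusterSnapshots responses.
SAMPLE_PAGES = [
    {"DBClusterSnapshots": [
        {"DBClusterSnapshotArn": "arn:aws:rds:us-east-1:111122223333:cluster-snapshot:orders-2024",
         "StorageEncrypted": False, "Status": "available"},
        {"DBClusterSnapshotArn": "arn:aws:rds:us-east-1:111122223333:cluster-snapshot:billing-2024",
         "StorageEncrypted": True, "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"},
    ]},
    {"DBClusterSnapshots": [
        # Field absent: treated as unencrypted (assumption of this example: fail closed).
        {"DBClusterSnapshotArn": "arn:aws:rds:us-east-1:111122223333:cluster-snapshot:legacy"},
    ]},
]


def find_unencrypted(pages):
    """Return one finding (ARN plus encryption status) per snapshot not marked encrypted."""
    findings = []
    for page in pages:
        for snap in page.get("DBClusterSnapshots", []):
            encrypted = snap.get("StorageEncrypted")
            if encrypted is True:
                continue
            findings.append({
                "arn": snap.get("DBClusterSnapshotArn", "<unknown>"),
                "storage_encrypted": encrypted,  # False, or None when the field is missing
            })
    return findings


def scan_region(region):
    """Live variant: paginate the API for one region (needs boto3 and read-only credentials)."""
    import boto3  # imported lazily so the offline sample run works without it
    rds = boto3.client("rds", region_name=region)
    paginator = rds.get_paginator("describe_db_cluster_snapshots")
    return find_unencrypted(paginator.paginate())


if __name__ == "__main__":
    for f in find_unencrypted(SAMPLE_PAGES):
        print(f"UNENCRYPTED {f['arn']} StorageEncrypted={f['storage_encrypted']}")
```

An existing snapshot's encryption setting cannot be changed in place; remediation is to copy the snapshot with a KMS key specified and delete the unencrypted original.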