This rule ensures that RDS DB instance encryption at rest is enabled to enhance data security.
| Rule | RDS DB instance encryption at rest should be enabled |
| Framework | GxP 21 CFR Part 11 |
| Severity | Low |
Rule Description:
RDS DB instance encryption at rest should be enabled for GxP 21 CFR Part 11.
As per GxP 21 CFR Part 11 regulations, it is necessary to ensure the security and confidentiality of electronic records and signatures maintained in RDS (Relational Database Service) DB instances. One crucial step is to enable encryption at rest for the RDS DB instances. Encryption at rest protects the stored data in the database by encrypting it while it is stored on disk, helping to prevent unauthorized access or disclosure.
Troubleshooting Steps (if applicable):
If encryption at rest is not enabled for the RDS DB instances, the following troubleshooting steps can be followed to rectify the issue:
Identify the RDS DB instance: Start by identifying the RDS DB instance that does not have encryption at rest enabled.
Verify the encryption status: Confirm whether encryption at rest is currently enabled or disabled for the identified RDS DB instance.
Enable encryption at rest: If encryption at rest is not enabled, proceed with enabling it.
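The identify and verify steps above, as an added example that is not part of the original rule page: it reads the JSON returned by aws rds describe-db-instances --output json and reports every instance whose StorageEncrypted flag is not true, along with the resource that actually has to be remediated. The sample data is constructed and the function names are hypothetical.

```python
import json

# Constructed sample shaped like `aws rds describe-db-instances --output json`;
# every identifier and the key ARN below are made up for this example.
SAMPLE = json.dumps({"DBInstances": [
    {"DBInstanceIdentifier": "lims-prod", "Engine": "postgres", "StorageEncrypted": True,
     "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"},
    {"DBInstanceIdentifier": "batch-records", "Engine": "mysql", "StorageEncrypted": False},
    {"DBInstanceIdentifier": "batch-records-ro", "Engine": "mysql", "StorageEncrypted": False,
     "ReadReplicaSourceDBInstanceIdentifier": "batch-records"},
    {"DBInstanceIdentifier": "esig-node-1", "Engine": "aurora-postgresql",
     "StorageEncrypted": False, "DBClusterIdentifier": "esig-cluster"},
    {"DBInstanceIdentifier": "legacy-audit", "Engine": "mariadb"},  # field absent
]})


def audit_encryption(describe_json):
    """Return one finding per DB instance that is not encrypted at rest."""
    findings = []
    for inst in json.loads(describe_json).get("DBInstances", []):
        # Fail closed: a missing StorageEncrypted field counts as unencrypted.
        if inst.get("StorageEncrypted") is True:
            continue
        name = inst["DBInstanceIdentifier"]
        if inst.get("DBClusterIdentifier"):
            # Aurora: encryption is a property of the cluster, not the member.
            scope, target = "cluster", inst["DBClusterIdentifier"]
        elif inst.get("ReadReplicaSourceDBInstanceIdentifier"):
            # A same-Region replica shares its source's state; fix the source.
            scope, target = "instance", inst["ReadReplicaSourceDBInstanceIdentifier"]
        else:
            scope, target = "instance", name
        findings.append({"instance": name, "engine": inst.get("Engine", "unknown"),
                         "scope": scope, "remediate": target})
    return findings


def remediation_targets(findings):
    """Collapse findings so a source and its replicas are remediated once."""
    return sorted({(f["scope"], f["remediate"]) for f in findings})


if __name__ == "__main__":
    results = audit_encryption(SAMPLE)
    for f in results:
        print(f"FAIL {f['instance']} ({f['engine']}): fix {f['scope']} {f['remediate']}")
    print("targets:", remediation_targets(results))
```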
Necessary Codes (if applicable):
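Encryption at rest cannot be switched on in place for an existing RDS DB instance: aws rds modify-db-instance has no --storage-encrypted option. Instead, take a snapshot of the instance, copy the snapshot with a KMS key so that the copy is encrypted, and restore a new DB instance from the encrypted copy. Each snapshot must reach the available state before the next command is run:
    aws rds create-db-snapshot --db-instance-identifier <db-instance-identifier> \
        --db-snapshot-identifier <snapshot-identifier>
    aws rds copy-db-snapshot --source-db-snapshot-identifier <snapshot-identifier> \
        --target-db-snapshot-identifier <encrypted-snapshot-identifier> --kms-key-id <kms-key-id>
    aws rds restore-db-instance-from-db-snapshot --db-instance-identifier <new-db-instance-identifier> \
        --db-snapshot-identifier <encrypted-snapshot-identifier>
Replace <db-instance-identifier> with the actual identifier of the RDS DB instance, and the remaining placeholders with the snapshot names, the KMS key, and the identifier for the new encrypted instance.
Step-by-Step Guide for Remediation: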
To enable encryption at rest for an RDS DB instance in compliance with GxP 21 CFR Part 11, follow these step-by-step instructions:
Please note that enabling encryption at rest for an RDS DB instance may require additional resources and could incur additional costs. It is essential to review the implications before making any modifications.