RDS Instance Enabled TDE or Disk Encryption
ID: rule:aliyun:rds-instance-enabled-tde-disk-encryption
Severity: medium
Description
RDS instance should have TDE (Transparent Data Encryption) or disk encryption enabled.
Reason for Violation
RDS instance does not have TDE or disk encryption enabled, which may expose data to security risks.
Recommendation
Enable TDE by configuring EncryptionKey or use encrypted storage types (cloud_essd, cloud_essd2, cloud_essd3) for the RDS instance.
Resource Types
ALIYUN::RDS::DBInstance
ALIYUN::RDS::PrepayDBInstance
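
The check this rule describes, written as a stand-alone Python function over a ROS template loaded as a dict. This is an added example, not the project's rule code. The DBInstanceStorageType property name, the "unknown" verdict for values still held in intrinsic functions, and the sample template are assumptions made here.

```python
# Added example: evaluates the rule's stated condition against a ROS template.
RDS_TYPES = {"ALIYUN::RDS::DBInstance", "ALIYUN::RDS::PrepayDBInstance"}
ENCRYPTED_STORAGE = {"cloud_essd", "cloud_essd2", "cloud_essd3"}


def is_unresolved(value):
    """ROS intrinsic functions ({"Ref": ...}, {"Fn::...": ...}) load as dicts."""
    return isinstance(value, dict)


def check_template(template):
    """Return {resource_name: "pass" | "violation" | "unknown"} for RDS resources."""
    results = {}
    for name, res in (template.get("Resources") or {}).items():
        if not isinstance(res, dict) or res.get("Type") not in RDS_TYPES:
            continue  # the rule only applies to the two RDS resource types
        props = res.get("Properties") or {}
        key = props.get("EncryptionKey")
        storage = props.get("DBInstanceStorageType")  # assumed property name
        has_key = isinstance(key, str) and key.strip() != ""
        has_essd = isinstance(storage, str) and storage in ENCRYPTED_STORAGE
        if has_key or has_essd:
            results[name] = "pass"
        elif is_unresolved(key) or is_unresolved(storage):
            # Value depends on a parameter or another resource; it cannot be
            # decided statically, so flag it for manual review (assumption).
            results[name] = "unknown"
        else:
            results[name] = "violation"
    return results


# Constructed sample template; key ID and resource names are placeholders.
SAMPLE_TEMPLATE = {
    "ROSTemplateFormatVersion": "2015-09-01",
    "Resources": {
        "PlainDb": {"Type": "ALIYUN::RDS::DBInstance",
                    "Properties": {"DBInstanceStorageType": "local_ssd"}},
        "TdeDb": {"Type": "ALIYUN::RDS::DBInstance",
                  "Properties": {"EncryptionKey": "key-placeholder-0001"}},
        "EssdDb": {"Type": "ALIYUN::RDS::PrepayDBInstance",
                   "Properties": {"DBInstanceStorageType": "cloud_essd2"}},
        "ParamDb": {"Type": "ALIYUN::RDS::DBInstance",
                    "Properties": {"EncryptionKey": {"Ref": "KmsKeyId"}}},
        "Vpc": {"Type": "ALIYUN::ECS::VPC", "Properties": {}},
    },
}

if __name__ == "__main__":
    for resource, verdict in check_template(SAMPLE_TEMPLATE).items():
        print(f"{resource}: {verdict}")
```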