Amazon_EC2_56
Ensure that storage is encrypted by KMS on instances that, based on their name, might host a database. Covered DBs include: Couchbase, Riak, Redis, HBase, Oracle, SAP HANA, Postgres, Cassandra, Hadoop, Mongo, Neo4j, and any server with DB, SQL, database or graph in its name.
On the AWS console, configure the filesystem on the instance(s) to be encrypted, using a key that is stored in a file in an S3 bucket created for this purpose. This involves creating an S3 bucket with a permissions policy, creating and encrypting an encryption key and storing it in the bucket, and then configuring the instances to use the key to encrypt the filesystems, all from the AWS console. Follow the steps in https://aws.amazon.com/blogs/security/how-to-protect-data-at-rest-with-amazon-ec2-instance-store-encryption and in particular the section 'Implementing the Solution'.
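The name-based check described above can be sketched as follows. This is an added example, not Cloudlytics' own rule code. It assumes case-insensitive substring matching on the `Name` tag and input shaped like the EC2 `DescribeInstances` and `DescribeVolumes` responses, and it covers EBS volumes only, since instance store filesystems do not appear in `DescribeVolumes`. All sample IDs and the key ARN are constructed.

```python
import re

# Keywords from the rule text; substring, case-insensitive matching is an assumption.
DB_NAME_RE = re.compile(
    r"couchbase|riak|redis|hbase|oracle|sap[\s_-]?hana|postgres|cassandra|"
    r"hadoop|mongo|neo4j|db|sql|database|graph",
    re.IGNORECASE,
)

def instance_name(instance):
    """Return the value of the Name tag, or '' when the instance has none."""
    for tag in instance.get("Tags", []):
        if tag["Key"] == "Name":
            return tag["Value"]
    return ""

def find_violations(instances, volumes):
    """Return (instance_id, volume_id) pairs where a DB-named instance has an
    attached EBS volume that is not KMS-encrypted. A volume missing from
    `volumes` is reported too (fail closed)."""
    vol_by_id = {v["VolumeId"]: v for v in volumes}
    findings = []
    for inst in instances:
        if not DB_NAME_RE.search(instance_name(inst)):
            continue  # name does not suggest a database; rule does not apply
        for mapping in inst.get("BlockDeviceMappings", []):
            vol_id = mapping["Ebs"]["VolumeId"]
            vol = vol_by_id.get(vol_id, {})
            if not (vol.get("Encrypted") and vol.get("KmsKeyId")):
                findings.append((inst["InstanceId"], vol_id))
    return findings

def _inst(iid, name, *vol_ids):
    """Build a constructed instance record in DescribeInstances shape."""
    return {"InstanceId": iid, "Tags": [{"Key": "Name", "Value": name}],
            "BlockDeviceMappings": [{"Ebs": {"VolumeId": v}} for v in vol_ids]}

KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"  # constructed placeholder
SAMPLE_INSTANCES = [  # constructed sample data
    _inst("i-0aaa", "prod-Postgres-01", "vol-0001", "vol-0002"),
    _inst("i-0bbb", "web-frontend", "vol-0003"),
    _inst("i-0ccc", "analytics-graph", "vol-0004"),
    _inst("i-0ddd", "cache-REDIS", "vol-0005"),  # volume not in inventory
]
SAMPLE_VOLUMES = [
    {"VolumeId": "vol-0001", "Encrypted": True, "KmsKeyId": KEY},
    {"VolumeId": "vol-0002", "Encrypted": False},
    {"VolumeId": "vol-0003", "Encrypted": False},
    {"VolumeId": "vol-0004", "Encrypted": True, "KmsKeyId": KEY},
]

if __name__ == "__main__":
    print(find_violations(SAMPLE_INSTANCES, SAMPLE_VOLUMES))
```

Substring matching over-matches (a name such as `feedback-api` contains `db`), which errs toward checking more instances rather than fewer.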