Skip to content

Encrypt AWS RDS Snapshot


On a database instance running with Amazon RDS encryption, data stored at rest in the underlying storage is encrypted, as are its automated backups, read replicas, and snapshots.

If an Amazon RDS database isn't encrypted, its automatic snapshots will not be encrypted and must be encrypted manually.

For more information, please refer to the AWS RDS documentation


Make sure your Amazon RDS snapshots are encrypted to prevent unauthorized access from third parties.

Applies To

  • Latest Blob Instances


This rule is applied when the following tags are present:

Tag With Value
secureclouddb/provider aws
secureclouddb/service rds
secureclouddb/resource-type db

Default Rule

const { isEmptyArray } = module

 * @param {Object} blobInstances - database snapshots
 * @returns {boolean} true if database snapshots are encrypted
function validate(blobInstances) {
    const success = isEmptyArray(blobInstances.values) || 
                    blobInstances.values.every(snap => 
                        snap.configuration &&

    return {

// invoke