There is no encryption specified or encryption is disabled on the RDS Cluster.

Explanation

Encryption should be enabled for an RDS Aurora cluster.

When enabling encryption by setting the kms_key_id, the storage_encrypted must also be set to true.

Insecure Example

The following example will fail the AWS051 check.

resource "aws_rds_cluster" "foo" {
  name       = "bar"
  kms_key_id = ""
}

Secure Example

The following example will pass the AWS051 check.

resource "aws_rds_cluster" "foo" {
  name              = "bar"
  kms_key_id  = "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
  storage_encrypted = true
}

Related Links

• https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html

• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster