RDS encryption has not been enabled at a DB Instance level.

Explanation

Encryption should be enabled for an RDS Database instances.

When enabling encryption by setting the kms_key_id.

Insecure Example

The following example will fail the AWS052 check.

resource "aws_db_instance" "my-db-instance" {
	
}

Secure Example

The following example will pass the AWS052 check.

resource "aws_db_instance" "my-db-instance" {
	storage_encrypted  = true
}

Related Links

• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance

• https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html