AWS053 - Encryption for RDS Perfomance Insights should be enabled.

Explanation

When enabling Performance Insights on an RDS cluster or RDS DB Instance, and encryption key should be provided.

The encryption key specified in performance_insights_kms_key_id references a KMS ARN

Insecure Example

The following example will fail the AWS053 check.

resource "aws_rds_cluster_instance" "bad_example" {
  name                 = "bar"
  performance_insights_enabled = true
  performance_insights_kms_key_id = ""
}

Secure Example

The following example will pass the AWS053 check.

resource "aws_rds_cluster_instance" "good_example" {
  name                 = "bar"
  performance_insights_enabled = true
  performance_insights_kms_key_id = "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
}