RDS encryption has not been enabled at a DB Instance level.

Explanation

Encryption should be enabled for an RDS Database instances.

When enabling encryption by setting the kms_key_id.

Possible Impact

Data can be read from RDS instances if compromised

Suggested Resolution

Enable encryption for RDS instances

Insecure Example

The following example will fail the aws-rds-encrypt-instance-storage-data check.

resource "aws_db_instance" "bad_example" {
	
}

Secure Example

The following example will pass the aws-rds-encrypt-instance-storage-data check.

resource "aws_db_instance" "good_example" {
	storage_encrypted  = true
}

Getting Started
Provider Checks
Config
GitHub Actions