Ensure Alibaba Cloud Transparent Data Encryption is Enabled on instance

Error: Alibaba Cloud Transparent Data Encryption is disabled on instance

Bridgecrew Policy ID: BC_ALI_LOGGING_1
Checkov Check ID: CKV_ALI_22
Severity: LOW

Description

Transparent Data Encryption (TDE) is a security feature that encrypts data at the storage level: data is encrypted as it is written to disk and decrypted when it is read.

Enabling TDE on an instance helps protect the data stored on it from unauthorized access or exposure. It can help prevent data breaches and meet compliance requirements that call for data to be encrypted at rest.

Fix - Buildtime

Terraform

resource "alicloud_db_instance" "pass" {
  engine           = "MySQL"
  engine_version   = "5.6"
  instance_type    = "rds.mysql.t1.small"
  instance_storage = "10"
  # Turn on Transparent Data Encryption for this instance
  tde_status       = "Enabled"
  parameters = [{
    name  = "innodb_large_prefix"
    value = "ON"
    }, {
    name  = "connect_timeout"
    value = "50"
  }]
}