Ensure Alibaba Cloud Transparent Data Encryption is Enabled on instance
Error: Alibaba Cloud Transparent Data Encryption is disabled on instance
Bridgecrew Policy ID: BC_ALI_LOGGING_1
Checkov Check ID: CKV_ALI_22
Severity: LOW
Description
Transparent Data Encryption (TDE) is a security feature that encrypts data at the storage level: data is encrypted as it is written to disk and decrypted when it is read.
Enabling TDE on an instance helps protect the data stored on it from unauthorized access or exposure. TDE can help prevent data breaches and meet compliance requirements that call for data to be encrypted at rest.
Fix - Buildtime
Terraform
resource "alicloud_db_instance" "pass" {
  engine           = "MySQL"
  engine_version   = "5.6"
  instance_type    = "rds.mysql.t1.small"
  instance_storage = "10"
  # TDE must be set to "Enabled" for CKV_ALI_22 to pass
  tde_status       = "Enabled"
  parameters = [{
    name  = "innodb_large_prefix"
    value = "ON"
    }, {
    name  = "connect_timeout"
    value = "50"
  }]
}