Description: 

Amazon Relational Database Service (Amazon RDS) is a web service that makes it easier to set up, operate, and scale a relational database in the AWS Cloud. It provides cost-efficient, resizable capacity for an industry-standard relational database and manages common database administration tasks. Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information. Encryption of RDS instances is a crucial part of the overall security posture.


Rationale: 

It is recommended that your RDS instances always be encrypted in order to prevent potential leaks or misuse of sensitive data and to guard against security threats.


Remediation:

Enabling Automated Backups


If your DB instance doesn't have automated backups enabled, you can enable them at any time. You enable automated backups by setting the backup retention period to a positive non-zero value. When automated backups are enabled, your RDS instance and database are taken offline and a backup is immediately created.

To enable automated backups immediately

  1. Sign in to the AWS Management Console and open the Amazon RDS console at https://console.aws.amazon.com/rds/
  2. In the navigation pane, choose Databases, and then choose the DB instance that you want to modify.
  3. Choose Modify. The Modify DB Instance page appears.
  4. For Backup Retention Period, choose a positive nonzero value, for example 3 days.
  5. Choose Continue.
  6. Choose Apply Immediately.
  7. On the confirmation page, choose Modify DB Instance to save your changes and enable automated backups.
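
The same check across many instances, as an added example that is not part of the original page: it reads JSON shaped like the output of `aws rds describe-db-instances`, flags instances whose backup retention period is 0 or whose storage is unencrypted, and prints the CLI equivalent of the console steps above. The function name `audit`, the instance names and the sample data are constructed for illustration.

```python
import json
import shlex

# Constructed sample shaped like `aws rds describe-db-instances` output (not real data).
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "example-db-1", "Engine": "mysql",
   "BackupRetentionPeriod": 0, "StorageEncrypted": false},
  {"DBInstanceIdentifier": "example-db-2", "Engine": "postgres",
   "BackupRetentionPeriod": 7, "StorageEncrypted": true},
  {"DBInstanceIdentifier": "example-db-3", "Engine": "mariadb",
   "BackupRetentionPeriod": 3, "StorageEncrypted": false}
]}
""")

RETENTION_DAYS = 3  # the example value used in step 4 above


def audit(response):
    """Return one finding per instance that fails either check (hypothetical helper)."""
    findings = []
    for db in response.get("DBInstances", []):
        name = db["DBInstanceIdentifier"]
        issues, fix = [], None
        # A retention period of 0 means automated backups are disabled.
        if db.get("BackupRetentionPeriod", 0) == 0:
            issues.append("automated backups disabled")
            fix = ("aws rds modify-db-instance"
                   f" --db-instance-identifier {shlex.quote(name)}"
                   f" --backup-retention-period {RETENTION_DAYS}"
                   " --apply-immediately")
        # Storage encryption is chosen when the instance is created and cannot
        # be switched on by modify-db-instance, so it is reported without a fix.
        if not db.get("StorageEncrypted", False):
            issues.append("storage not encrypted")
        if issues:
            findings.append({"instance": name, "issues": issues, "fix": fix})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f["instance"], "-", "; ".join(f["issues"]))
        if f["fix"]:
            print("  remediation:", f["fix"])
```

To run it against a real account, save the output of `aws rds describe-db-instances` to a file and pass the parsed JSON to `audit` in place of the constructed sample.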


When you delete a DB instance, you can retain automated backups. Retained automated backups contain system snapshots and transaction logs from a DB instance. They also include your DB instance properties like allocated storage and DB instance class, which are required to restore it to an active instance.

You can retain automated backups for RDS instances running MySQL, MariaDB, PostgreSQL, Oracle, and Microsoft SQL Server engines. You can restore or remove retained automated backups using the AWS Management Console, RDS API, and AWS CLI.



References: 

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html 

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html