Default RDS encryption to true

At the moment RDS encryption follows AWS defaults, ie, its set to False. To avoid situations where data is left left secure by mistake, we default to having encryption on, meaning that if data security requirements are not explicitly set, we default to the most secure.
ministryofjustice · Jun 15, 2016 · 0b6ce2d · 0b6ce2d
1 parent e32882a
commit 0b6ce2d
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/bootstrap_cfn/config.py b/bootstrap_cfn/config.py
@@ -470,7 +470,7 @@ def rds(self, template):
             AutoMinorVersionUpgrade=False,
             VPCSecurityGroups=[GetAtt(database_sg, "GroupId")],
             DBSubnetGroupName=Ref(rds_subnet_group),
-            StorageEncrypted=False,
+            StorageEncrypted=True,
             DependsOn=database_sg.title
         )
         resources.append(rds_instance)

diff --git a/tests/tests.py b/tests/tests.py
@@ -281,7 +281,7 @@ def test_rds(self):
         db_instance.MasterUserPassword = 'testpassword'
         db_instance.DBName = 'test'
         db_instance.PubliclyAccessible = False
-        db_instance.StorageEncrypted = False
+        db_instance.StorageEncrypted = True
         db_instance.StorageType = 'gp2'
         db_instance.AllocatedStorage = 5
         db_instance.AllowMajorVersionUpgrade = False