From 0b6ce2d6eb2902c1f3fdc0598a371db6bcf621c0 Mon Sep 17 00:00:00 2001
From: Niall Creech
Date: Wed, 15 Jun 2016 13:24:18 +0100
Subject: [PATCH] Default RDS encryption to true

At the moment RDS encryption follows AWS defaults, ie, its set to False. To avoid situations where data is left left secure by mistake, we default to having encryption on, meaning that if data security requirements are not explicitly set, we default to the most secure.
---
 bootstrap_cfn/config.py | 2 +-
 tests/tests.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/bootstrap_cfn/config.py b/bootstrap_cfn/config.py
index 2e4908e..341cdcc 100644
--- bootstrap_cfn/config.py
+++ bootstrap_cfn/config.py
@@ -470,7 +470,7 @@ def rds(self, template):
 AutoMinorVersionUpgrade=False,
 VPCSecurityGroups=[GetAtt(database_sg, "GroupId")],
 DBSubnetGroupName=Ref(rds_subnet_group),
- StorageEncrypted=False,
+ StorageEncrypted=True,
 DependsOn=database_sg.title
 )
 resources.append(rds_instance)
diff --git a/tests/tests.py b/tests/tests.py
index f96b4a6..1f984b6 100755
--- tests/tests.py
+++ tests/tests.py
@@ -281,7 +281,7 @@ def test_rds(self):
 db_instance.MasterUserPassword = 'testpassword'
 db_instance.DBName = 'test'
 db_instance.PubliclyAccessible = False
- db_instance.StorageEncrypted = False
+ db_instance.StorageEncrypted = True
 db_instance.StorageType = 'gp2'
 db_instance.AllocatedStorage = 5
 db_instance.AllowMajorVersionUpgrade = False
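Review bot: The literal `StorageEncrypted=True` in `rds()` applies to every stack rendered from this template, including ones already deployed with unencrypted storage, and CloudFormation treats a change to `StorageEncrypted` on an `AWS::RDS::DBInstance` as a replacement of the instance. Updating an existing stack can therefore bring up a new, empty database unless a snapshot is taken and restored first, so the upgrade path deserves a changelog entry and a comment on this line, for example `# Changing StorageEncrypted replaces the DB instance on stack update; snapshot first`. No `KmsKeyId` appears among the visible arguments, so encryption would presumably use the account's default RDS key, which is worth confirming as intended. The commit message refers to requirements being explicitly set, but the override path cannot be checked here because `rds()` starts and ends outside the hunk.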
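Review bot: `test_rds` now pins only the new default; nothing in this hunk exercises a configuration that explicitly turns encryption off, which the commit message implies is still supported. A second case that disables the option in the test configuration and asserts that `StorageEncrypted` is `False` on the rendered instance would guard that override path against silently being ignored. `test_rds` starts and ends outside the hunk, so such a case may already exist elsewhere in the file.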