Benchmark: BP02 Secure and encrypt backups
Description
Control and detect access to backups using authentication and authorization. Prevent and detect if data integrity of backups is compromised using encryption.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-well-architectedStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select BP02 Secure and encrypt backups.
Run this benchmark in your terminal:
powerpipe benchmark run aws_well_architected.benchmark.well_architected_framework_rel09_bp02Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_well_architected.benchmark.well_architected_framework_rel09_bp02 --shareControls
- Backup recovery points should be encrypted
- DynamoDB table should have encryption enabled
- EBS default encryption should be enabled
- EBS volume encryption at rest should be enabled
- RDS DB instance encryption at rest should be enabled
- RDS DB snapshots should be encrypted at rest
- S3 bucket default encryption should be enabled