AWS AWSCloudFormation documentation change
Summary
Added StorageEncryptionType property documentation to RDS DB Cluster resource, describing encryption options for data at rest (none, sse-rds, sse-kms).
Security assessment
This change adds documentation for encryption configuration options for RDS DB clusters. While encryption at rest is a security feature, there's no evidence this change addresses a specific security vulnerability. It documents existing encryption capabilities to help users properly secure their databases.
Diff
diff --git a/AWSCloudFormation/latest/TemplateReference/aws-resource-rds-dbcluster.md b/AWSCloudFormation/latest/TemplateReference/aws-resource-rds-dbcluster.md index 3fe364f11..aa1b978d0 100644 --- a//AWSCloudFormation/latest/TemplateReference/aws-resource-rds-dbcluster.md +++ b//AWSCloudFormation/latest/TemplateReference/aws-resource-rds-dbcluster.md @@ -1486,0 +1487,14 @@ The reader endpoint for the DB cluster. For example: `mystack-mydbcluster-ro-123 +`StorageEncryptionType` + + +The type of encryption used to protect data at rest in the DB cluster. Possible values: + + * `none` \- The DB cluster is not encrypted. + + * `sse-rds` \- The DB cluster is encrypted using an AWS owned KMS key. + + * `sse-kms` \- The DB cluster is encrypted using a customer managed KMS key or AWS managed KMS key. + + + +