stelligent/cfn_nag

F27: StorageEncrypted Should Not Be Specified for RDS Read Replicas

kyarosh opened this issue · 0 comments

(Similar to issue #183)

F27 ("RDS DBInstance should have StorageEncrypted enabled") is flagged on RDS instances where encryption is not explicitly enabled.

However, according to the CloudFormation documentation for RDS, encryption properties should not be specified for RDS read replicas:

If you specify the SnapshotIdentifier or SourceDBInstanceIdentifier property, don't specify this property. The value is inherited from the snapshot or source DB instance, and if the DB instance is encrypted, the specified KmsKeyId property is used.
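The exemption requested above, as an added example (not cfn_nag's own code and not written by the issue author): a stand-alone check that reports RDS instances without `StorageEncrypted` and skips those that inherit encryption from a source instance or snapshot. The template is constructed, the function names are hypothetical, and treating `DBSnapshotIdentifier` as the property the quoted text calls `SnapshotIdentifier` is an assumption.

```ruby
require 'json'

# Constructed sample template (not from the issue): an encrypted primary, a read
# replica of it, a snapshot restore, and a standalone instance with no encryption.
TEMPLATE = JSON.parse(<<~JSON)
  {
    "Resources": {
      "Primary": {
        "Type": "AWS::RDS::DBInstance",
        "Properties": { "Engine": "mysql", "StorageEncrypted": "true" }
      },
      "Replica": {
        "Type": "AWS::RDS::DBInstance",
        "Properties": { "SourceDBInstanceIdentifier": { "Ref": "Primary" } }
      },
      "Restored": {
        "Type": "AWS::RDS::DBInstance",
        "Properties": { "DBSnapshotIdentifier": "constructed-snapshot-id" }
      },
      "Standalone": {
        "Type": "AWS::RDS::DBInstance",
        "Properties": { "Engine": "postgres" }
      },
      "Bucket": { "Type": "AWS::S3::Bucket" }
    }
  }
JSON

# Properties that make the instance inherit its encryption setting.
# Assumption: DBSnapshotIdentifier is what the quoted text names SnapshotIdentifier.
INHERITING_PROPS = %w[SourceDBInstanceIdentifier DBSnapshotIdentifier].freeze

# Only a literal true or "true" counts; a Ref or other intrinsic is not resolved here.
def explicitly_encrypted?(props)
  props['StorageEncrypted'].to_s.downcase == 'true'
end

def inherits_encryption?(props)
  INHERITING_PROPS.any? { |name| props.key?(name) }
end

# Returns logical IDs of DBInstances to report. exempt_inherited: false gives the
# behaviour the issue describes, where replicas and restores are reported too.
def unencrypted_rds_instances(template, exempt_inherited: true)
  template.fetch('Resources', {}).select do |_id, res|
    next false unless res['Type'] == 'AWS::RDS::DBInstance'
    props = res['Properties'] || {}
    next false if exempt_inherited && inherits_encryption?(props)
    !explicitly_encrypted?(props)
  end.keys
end
```

The exemption does not hide an unencrypted source: a primary defined in the same template without `StorageEncrypted` is still reported under its own logical ID.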