Added KMS encryption for Aurora DB secrets

[mourya-33]

Feature or Bugfix

• Bugfix

Detail

Added KMS key for encrypting Aurora DB secrets

Relates

#880

Security

Please answer the questions below briefly where applicable, or write N/A. Based on
OWASP 10.

• Does this PR introduce or modify any input fields or queries - this includes
  fetching data from storage outside the application (e.g. a database, an S3 bucket)? No
  • Is the input sanitized? N/A
  • What precautions are you taking before deserializing the data you consume? N/A
  • Is injection prevented by parametrizing queries? N/A
  • Have you ensured no eval or similar functions are used?N/A
• Does this PR introduce any functionality or component that requires authorization? N/A
  • How have you ensured it respects the existing AuthN/AuthZ mechanisms? N/A
  • Are you logging failed auth attempts?N/A
• Are you using or adding any cryptographic features? N/A
  • Do you use a standard proven implementations? N/A
  • Are the used keys controlled by the customer? Where are they stored? N/A
• Are you introducing any new policies/roles/users? N/A
  • Have you used the least-privilege principle? How? N/A

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[dlpzx]

Hi @mourya-33, I fixed the parameter name according to the documentation. I am testing in AWS now that the tests pass. With the new changes I have tested that: (I will update with the test results)

• CICD succeeds
• RDS is still accessible from backend
• with an IAM without permissions to KMS try to get the secret and receive an AccessDenied error

[noah-paige]

Tested in AWS Deployment:

• CICD Pipeline Succeeds (Updates DB Secret to Encrypt with KMS CMK)
• Access Data.all UI ListEnvironments API - reads from DB Successful
• Test Create + Delete Org - Writes to DB Successful

[noah-paige]

looks good - thanks @mourya-33, approving!