Risk Level: Critical
Cloud Entity: Amazon RDS
CloudGuard Rule ID: D9.AWS.VLN.09
Covered by Spectral: No
Category: Database

GSL LOGIC

RDSDBCluster where status = 'available' and engine = 'aurora-postgresql' should not have engineVersion in('10.11','10.12','10.13','11.6','11.7','11.8')

REMEDIATION

From Portal

Log in to AWS Management Console.
Navigate to RDS service.
Locate vulnerable Aurora PostgreSQL RDSDBClusters.
Modify or patch the RDSDBCluster to a newer, non-vulnerable version.
Ensure changes have been applied.

From TF

resource "aws_rds_cluster" "example" {
	engine_version = "latest_version_here" # Replace with the latest non-vulnerable version
}

From Command Line

Update RDSDBCluster version:

aws rds modify-db-cluster --db-cluster-identifier mydbcluster --engine-version latest_version_here

References

Amazon RDS

Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups. It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need.

Compliance Frameworks

CloudGuard AWS All Rules Ruleset