Ensure RDS cluster has IAM authentication enabled
Risk Level: High
Cloud Entity: Amazon RDS DBCluster
CloudGuard Rule ID: D9.CFT.IAM.40
Covered by Spectral: Yes
Category: Database
GSL LOGIC
AWS_RDS_DBCluster should have EnableIAMDatabaseAuthentication=trueREMEDIATION
From CFT
Set AWS::RDS::DBCluster::EnableIAMDatabaseAuthentication to true.
See below example;
Resources:
RDSCluster:
Type: 'AWS::RDS::DBCluster'
Properties:
...
EnableIAMDatabaseAuthentication: true
...References
- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbcluster.html#cfn-rds-dbcluster-enableiamdatabaseauthentication
- https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.html
Amazon RDS DBCluster
Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups. It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need.
Compliance Frameworks
- AWS CloudFormation ruleset
Updated 7 months ago