Ensure AWS RDS PostgreSQL instances use a non-vulnerable version of log_fdw extension

Error: AWS RDS PostgreSQL exposed to local file read vulnerability

Bridgecrew Policy ID: BC_AWS_GENERAL_130
Checkov Check ID: CKV_AWS_250
Severity: LOW

AWS RDS PostgreSQL exposed to local file read vulnerability

Description

The log_fdw extension for Amazon Relational Database Service (AWS RDS) PostgreSQL instances allows you to query log files from foreign servers as if they were tables in a database. However, certain versions of the log_fdw extension contain a local file read vulnerability that can be exploited by attackers.

By ensuring that your AWS RDS PostgreSQL instances use a non-vulnerable version of the log_fdw extension, you protect your database from that local file read vulnerability. The extension version is tied to the engine release, so the fix is to pin engine_version to a release that does not ship a vulnerable log_fdw.

Fix - Runtime

Fix - Buildtime

Terraform

# Passes: engine_version pins a PostgreSQL release that is not on the check's vulnerable list
resource "aws_db_instance" "pass" {
  name           = "name"          # initial database name (db_name in AWS provider v4+)
  instance_class = "db.t3.micro"
  engine         = "postgres"
  engine_version = "13.3"          # explicit, non-vulnerable engine release
}

# Passes: Aurora PostgreSQL cluster pinned to a non-vulnerable engine release
resource "aws_rds_cluster" "pass" {
  engine         = "aurora-postgresql"
  engine_version = "11.9"          # explicit, non-vulnerable engine release
}
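As an added illustration (not part of this page nor Checkov's own CKV_AWS_250 implementation), the following Python sketch applies the same buildtime logic to Terraform text: it reads the engine and engine_version of each RDS resource and reports unpinned or major-only versions separately, since AWS then chooses the minor release. The VULNERABLE_VERSIONS sets are placeholders, not the real vulnerable release lists, and the HCL sample is constructed for the example.

```python
import re
from typing import Dict

# PLACEHOLDER (assumption): substitute the real vulnerable release lists here.
VULNERABLE_VERSIONS = {
    "postgres": {"13.2", "12.6", "11.11"},
    "aurora-postgresql": {"11.8", "12.4"},
}

# Matches flat resource blocks of the two RDS resource types the check covers.
BLOCK_RE = re.compile(
    r'resource\s+"(aws_db_instance|aws_rds_cluster)"\s+"([^"]+)"\s*\{(.*?)\}', re.S)
# Matches simple string attributes such as   engine_version = "13.3"
ATTR_RE = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"', re.M)


def parse_resources(hcl: str) -> Dict[str, Dict[str, str]]:
    """Return {"<type>.<name>": {attr: value}} for each RDS resource block."""
    return {f"{rtype}.{rname}": dict(ATTR_RE.findall(body))
            for rtype, rname, body in BLOCK_RE.findall(hcl)}


def check_log_fdw(attrs: Dict[str, str]) -> str:
    """Classify one resource: PASSED, FAILED, UNKNOWN (version not pinned), SKIPPED."""
    engine = attrs.get("engine")
    if engine not in VULNERABLE_VERSIONS:
        return "SKIPPED"            # not PostgreSQL, log_fdw is not applicable
    version = attrs.get("engine_version")
    if version is None or "." not in version:
        return "UNKNOWN"            # absent or major-only: AWS picks the minor release
    return "FAILED" if version in VULNERABLE_VERSIONS[engine] else "PASSED"


def scan(hcl: str) -> Dict[str, str]:
    """Run the check over every RDS resource in the given Terraform text."""
    return {addr: check_log_fdw(attrs) for addr, attrs in parse_resources(hcl).items()}


# Constructed sample: the page's two passing resources plus three edge cases.
SAMPLE_HCL = '''
resource "aws_db_instance" "pass" {
  engine         = "postgres"
  engine_version = "13.3"
}
resource "aws_rds_cluster" "pass" {
  engine         = "aurora-postgresql"
  engine_version = "11.9"
}
resource "aws_db_instance" "fail" {
  engine         = "postgres"
  engine_version = "13.2"
}
resource "aws_db_instance" "unpinned" {
  engine         = "postgres"
}
resource "aws_db_instance" "mysql" {
  engine         = "mysql"
  engine_version = "8.0"
}
'''
```

Note that the placeholder sets are compared by exact string, so a hit only occurs for a pinned minor release; the UNKNOWN result is what prompts the reviewer to pin engine_version.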