Ensure AWS RDS uses a modern CaCert

Error: AWS RDS does not use a modern CaCert

Bridgecrew Policy ID: BC_AWS_GENERAL_118
Checkov Check ID: CKV_AWS_211
Severity: LOW

AWS RDS does not use a modern CaCert


By ensuring that your AWS RDS instance uses a modern CA certificate, you ensure that the certificate RDS presents to secure TLS connections to your database is current and not affected by known weaknesses or expiry. This helps protect database connections from potential attacks and improves the overall security posture of your system.

Fix - Runtime

Fix - Buildtime


resource "aws_db_instance" "pass" {
  allocated_storage                   = 20
  storage_type                        = "gp2"
  engine                              = "mysql"
  engine_version                      = "5.7"
  instance_class                      = "db.t2.micro"
  name                                = "mydb"
  username                            = "foo"
  password                            = "foobarbaz"
  iam_database_authentication_enabled = true
  storage_encrypted                   = true
  # Pin the CA bundle RDS uses for TLS so the instance does not fall back to an older default
  ca_cert_identifier                  = "rds-ca-2019"
}
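To audit this setting outside Checkov, the following added Python script (not Bridgecrew's, Checkov's or the AWS provider's own code) walks a Terraform plan in `terraform show -json` form and flags every `aws_db_instance` whose `ca_cert_identifier` is unset or not in an allowed set. The sample plan is constructed, and the allowed identifiers beyond `rds-ca-2019` are an assumption to revise as AWS rotates its CAs.

```python
# CA identifiers treated as "modern". "rds-ca-2019" is the value the pass
# example above uses; the *-g1 names are AWS's newer CA bundles. Revise this
# set as AWS rotates CAs (assumption, not taken from the Checkov check itself).
MODERN_CA_IDENTIFIERS = {
    "rds-ca-2019", "rds-ca-rsa2048-g1", "rds-ca-rsa4096-g1", "rds-ca-ecc384-g1",
}


def evaluate_db_instance(values, allowed=MODERN_CA_IDENTIFIERS):
    """Return (passed, reason) for the `values` block of one aws_db_instance."""
    ca = values.get("ca_cert_identifier")
    if not ca:
        # Absent or null: the provider/account default applies, which may be an old CA.
        return False, "ca_cert_identifier not set"
    if ca not in allowed:
        return False, f"ca_cert_identifier {ca!r} is not a modern CA"
    return True, f"ca_cert_identifier {ca!r}"


def scan_plan(plan):
    """Evaluate every aws_db_instance in planned_values, including child modules."""
    findings = []

    def walk(module):
        for res in module.get("resources", []):
            if res.get("type") == "aws_db_instance":
                passed, reason = evaluate_db_instance(res.get("values") or {})
                findings.append((res["address"], passed, reason))
        for child in module.get("child_modules", []):
            walk(child)

    walk(plan["planned_values"]["root_module"])
    return findings


# Constructed sample in the shape `terraform show -json plan.out` produces (trimmed).
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "aws_db_instance.pass", "type": "aws_db_instance",
         "values": {"engine": "mysql", "ca_cert_identifier": "rds-ca-2019"}},
        {"address": "aws_db_instance.legacy", "type": "aws_db_instance",
         "values": {"engine": "mysql", "ca_cert_identifier": "rds-ca-2015"}},
    ],
    "child_modules": [{"address": "module.db", "resources": [
        {"address": "module.db.aws_db_instance.unset", "type": "aws_db_instance",
         "values": {"engine": "postgres"}},
    ]}],
}}}

if __name__ == "__main__":
    for address, passed, reason in scan_plan(SAMPLE_PLAN):
        print(f"{'PASSED' if passed else 'FAILED'}  {address}: {reason}")
```

Run it against a real plan with `terraform plan -out plan.out && terraform show -json plan.out > plan.json` and pass the parsed JSON to `scan_plan`.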