Ensure RDS cluster has IAM authentication enabled

Error: RDS cluster does not have IAM authentication enabled

Bridgecrew Policy ID: BC_AWS_IAM_66
Checkov Check ID: CKV_AWS_162
Severity: MEDIUM

RDS cluster does not have IAM authentication enabled

Description

IAM authentication uses AWS Identity and Access Management (IAM) to authenticate users and applications that connect to your RDS database. This can be more secure than traditional password-based authentication, as it allows you to use IAM policies and multi-factor authentication to control access to your database.

Fix - Buildtime

Terraform

  • Resource: aws_rds_cluster
  • Argument: iam_database_authentication_enabled
resource "aws_rds_cluster" "enabled" {
	...
+ iam_database_authentication_enabled = true
}

CloudFormation

  • Resource: AWS::RDS::DBCluster
  • Argument: Properties.EnableIAMDatabaseAuthentication
Resources:
  Enabled:
    Type: 'AWS::RDS::DBCluster'
    Properties:
      ...
+     EnableIAMDatabaseAuthentication: true