Ensure RDS cluster has IAM authentication enabled
Error: RDS cluster does not have IAM authentication enabled
Bridgecrew Policy ID: BC_AWS_IAM_66
Checkov Check ID: CKV_AWS_162
Severity: MEDIUM
RDS cluster does not have IAM authentication enabled
Description
IAM authentication uses AWS Identity and Access Management (IAM) to authenticate users and applications that connect to your RDS database. This can be more secure than traditional password-based authentication, as it allows you to use IAM policies and multi-factor authentication to control access to your database.
Fix - Buildtime
Terraform
- Resource: aws_rds_cluster
- Argument: iam_database_authentication_enabled
resource "aws_rds_cluster" "enabled" {
...
+ iam_database_authentication_enabled = true
}
CloudFormation
- Resource: AWS::RDS::DBCluster
- Argument: Properties.EnableIAMDatabaseAuthentication
Resources:
Enabled:
Type: 'AWS::RDS::DBCluster'
Properties:
...
+ EnableIAMDatabaseAuthentication: true
Updated 9 months ago