Ensure RDS database has IAM authentication enabled

Error: RDS database does not have IAM authentication enabled

Bridgecrew Policy ID: BC_AWS_IAM_65
Checkov Check ID: CKV_AWS_161
Severity: MEDIUM


Description

IAM authentication uses AWS Identity and Access Management (IAM) to authenticate users and applications that connect to your RDS database. This can be more secure than traditional password-based authentication, as it allows you to use IAM policies and multi-factor authentication to control access to your database.

Fix - Buildtime

Terraform

  • Resource: "aws_db_instance"
  • Argument: iam_database_authentication_enabled
resource "aws_db_instance" "test" {
	...
+ iam_database_authentication_enabled = true
}

CloudFormation

  • Resource: "AWS::RDS::DBInstance"
  • Argument: Properties.EnableIAMDatabaseAuthentication
Resources:
  DB:
    Type: 'AWS::RDS::DBInstance'
    Properties:
      Engine: 'mysql' # or 'postgres'
      ...
+     EnableIAMDatabaseAuthentication: true
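To show what the Terraform and CloudFormation fixes above actually satisfy, here is an added example (not Bridgecrew's or Checkov's own code) that re-implements the CKV_AWS_161 logic over already-parsed templates: a DB instance passes only when the IAM authentication argument is present and true, because the setting is off by default. The sample templates and the resource names in them are constructed for the demo.

```python
# Added example (not from the Bridgecrew docs or Checkov itself): a minimal
# re-implementation of the CKV_AWS_161 logic over already-parsed templates.
# Both sample templates below are constructed inline for the demo.

# Constructed CloudFormation template as dicts (what yaml.safe_load would return)
CFN_TEMPLATE = {
    "Resources": {
        "GoodDB": {
            "Type": "AWS::RDS::DBInstance",
            "Properties": {"Engine": "postgres", "EnableIAMDatabaseAuthentication": True},
        },
        "BadDB": {"Type": "AWS::RDS::DBInstance", "Properties": {"Engine": "mysql"}},
        "Bucket": {"Type": "AWS::S3::Bucket", "Properties": {}},
    }
}

# Constructed Terraform resources in the shape Checkov's HCL parser produces
# ({type: {name: {argument: [value]}}}); the resource names are hypothetical.
TF_RESOURCES = [
    {"aws_db_instance": {"good": {"engine": ["postgres"], "iam_database_authentication_enabled": [True]}}},
    {"aws_db_instance": {"bad": {"engine": ["mysql"]}}},
    {"aws_db_instance": {"explicit_off": {"iam_database_authentication_enabled": [False]}}},
]

def _is_true(value):
    """Accept bool True and the string forms YAML/HCL parsers may leave behind."""
    if isinstance(value, list) and value:
        value = value[0]
    return value is True or str(value).lower() == "true"

def check_cloudformation(template):
    """Return {logical_id: 'PASSED'|'FAILED'} for every AWS::RDS::DBInstance."""
    results = {}
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::RDS::DBInstance":
            continue  # other resource types are out of scope for this check
        props = res.get("Properties") or {}
        # IAM auth is off by default, so an absent property is a failure too
        results[logical_id] = "PASSED" if _is_true(props.get("EnableIAMDatabaseAuthentication")) else "FAILED"
    return results

def check_terraform(resources):
    """Return {'aws_db_instance.<name>': 'PASSED'|'FAILED'} for each DB instance."""
    results = {}
    for block in resources:
        for name, conf in block.get("aws_db_instance", {}).items():
            passed = _is_true(conf.get("iam_database_authentication_enabled"))
            results[f"aws_db_instance.{name}"] = "PASSED" if passed else "FAILED"
    return results
```

Running both checks over the constructed inputs flags `BadDB`, `aws_db_instance.bad` and `aws_db_instance.explicit_off`, which is the same set the real check would report before the `+` lines above are applied.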