[RDS.12]
IAM authentication should be configured for RDS clusters
Description
All RDS DB clusters must have IAM database authentication enabled. This allows you to authenticate to clusters using an authentication token instead of a password. This rule is COMPLIANT when a cluster has IAM database authentication enabled.
Details
Property | Value |
---|---|
Category | Protect > Secure access management > Passwordless authentication |
Compliance Control ID | RDS.12 |
FortifyFox ID | FF100039 |
Link | RDS.12 Compliance |
Resource Type(s) | AWS::RDS::DBCluster |
Severity | Medium |
Remediation
Use the following CloudFormation templates to deploy an RDS DB cluster compliant with RDS.12:
YAML Template
Resources:
  rdsDBCluster:
    Type: "AWS::RDS::DBCluster"
    Properties:
      EnableIAMDatabaseAuthentication: true
JSON Template
{
  "Resources": {
    "rdsDBCluster": {
      "Type": "AWS::RDS::DBCluster",
      "Properties": {
        "EnableIAMDatabaseAuthentication": true
      }
    }
  }
}
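
To check a JSON template against this rule before deployment, the following added example (not FortifyFox or AWS code) evaluates every AWS::RDS::DBCluster resource. The status name UNRESOLVED, the function name and the sample template are assumptions made for illustration.

```python
import json

CLUSTER_TYPE = "AWS::RDS::DBCluster"
PROP = "EnableIAMDatabaseAuthentication"

def evaluate_rds12(template_text):
    """Return {logical_id: status} for each DB cluster in a JSON template."""
    template = json.loads(template_text)
    results = {}
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != CLUSTER_TYPE:
            continue  # RDS.12 applies to DB clusters only
        value = (resource.get("Properties") or {}).get(PROP)
        if isinstance(value, dict):
            # Intrinsic function (Ref, Fn::If, ...): the value is only known
            # at deploy time, so flag it for manual review.
            results[logical_id] = "UNRESOLVED"
        elif value is True or (isinstance(value, str)
                               and value.strip().lower() == "true"):
            # CloudFormation also accepts the string form of a boolean.
            results[logical_id] = "COMPLIANT"
        else:
            # Explicit false, or property omitted (IAM auth is off by default).
            results[logical_id] = "NON_COMPLIANT"
    return results

# Constructed sample template covering the cases above.
SAMPLE = json.dumps({
    "Parameters": {"EnableIam": {"Type": "String", "Default": "true"}},
    "Resources": {
        "goodCluster": {"Type": CLUSTER_TYPE, "Properties": {
            "Engine": "aurora-mysql", PROP: True}},
        "stringCluster": {"Type": CLUSTER_TYPE, "Properties": {
            "Engine": "aurora-mysql", PROP: "true"}},
        "omittedCluster": {"Type": CLUSTER_TYPE, "Properties": {
            "Engine": "aurora-mysql"}},
        "disabledCluster": {"Type": CLUSTER_TYPE, "Properties": {
            "Engine": "aurora-mysql", PROP: False}},
        "paramCluster": {"Type": CLUSTER_TYPE, "Properties": {
            "Engine": "aurora-mysql", PROP: {"Ref": "EnableIam"}}},
        "someBucket": {"Type": "AWS::S3::Bucket"},
    },
})

if __name__ == "__main__":
    for logical_id, status in sorted(evaluate_rds12(SAMPLE).items()):
        print(f"{logical_id}: {status}")
```

A cluster that omits the property is reported NON_COMPLIANT, which is the case most often missed when a template is reviewed by eye.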