[RDS.10]
IAM authentication should be configured for RDS instances
Description
All RDS DB instances must have IAM database authentication enabled. This allows you to authenticate to instances using an authentication token instead of a password. This rule is COMPLIANT when an instance has IAM database authentication enabled.
Details
Property | Value |
---|---|
Category | Protect > Secure access management > Passwordless authentication |
Compliance Control ID | RDS.10 |
FortifyFox ID | FF100038 |
Link | RDS.10 Compliance |
Resource Type(s) | AWS::RDS::DBInstance |
Severity | Medium |
Remediation
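Use the following CloudFormation templates to deploy an RDS DB instance compliant with RDS.10. Each template shows only the property this control evaluates; the instance's other properties are omitted.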
YAML Template
Resources:
  rdsDB:
    Type: "AWS::RDS::DBInstance"
    Properties:
      # Turns on IAM database authentication, the setting RDS.10 checks
      EnableIAMDatabaseAuthentication: true
JSON Template
{
  "Resources": {
    "rdsDB": {
      "Type": "AWS::RDS::DBInstance",
      "Properties": {
        "EnableIAMDatabaseAuthentication": true
      }
    }
  }
}