AWS RDS Ensure Default User Not Used

Description

Ensures that "awsuser" is not used as a username.

Rationale

Using the default username makes it more likely that scraping software guesses the master username.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag                           With Value
secureclouddb/provider        aws
secureclouddb/service         rds
secureclouddb/resource-type   db

Default Rule

/**
 * @param {Object} databaseSettings - database settings object
 * @returns {{success: boolean}} success is true if the database instance is not using 'awsuser' as master username
 */
function validate(databaseSettings) {
    const defaultUser = "awsuser";
    // Boolean() keeps success a strict true/false when the instance objects are missing.
    const success = Boolean(
        databaseSettings.awsDatabaseInstance &&
        databaseSettings.awsDatabaseInstance.rdsDatabaseInstance &&
        databaseSettings.awsDatabaseInstance.rdsDatabaseInstance.masterUsername !== defaultUser
    );

    return {
        success,
    };
}

// invoke
validate(databaseSettings);
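
A stricter variant of the default rule, run over a small inventory, as an added example that is not the project's own code: a case variant such as "AWSUser" passes the strict comparison above, so this version normalises the name first and fails when the username is unavailable. The deny-list entries other than "awsuser", the `reason` field, and the sample inventory are assumptions of this example.

```javascript
// Added example, not the project's rule code.
// Assumption: deny-list entries beyond "awsuser" are common default master
// usernames chosen for illustration; adjust to the engines you run.
const DEFAULT_USERNAMES = new Set(["awsuser", "admin", "postgres", "root"]);

// Stricter check: case-insensitive match against the deny-list, and a
// failing result when the master username cannot be read at all.
// The `reason` field is hypothetical; the page's rule returns only `success`.
function validateStrict(databaseSettings) {
    const instance = databaseSettings &&
                     databaseSettings.awsDatabaseInstance &&
                     databaseSettings.awsDatabaseInstance.rdsDatabaseInstance;
    const name = instance && instance.masterUsername;
    if (typeof name !== "string" || name.trim() === "") {
        return { success: false, reason: "master username not available" };
    }
    const normalised = name.trim().toLowerCase();
    if (DEFAULT_USERNAMES.has(normalised)) {
        return { success: false, reason: `default username "${normalised}"` };
    }
    return { success: true };
}

// Constructed sample inventory; labels and usernames are made up.
const sampleInventory = {
    "orders-db":  { awsDatabaseInstance: { rdsDatabaseInstance: { masterUsername: "awsuser" } } },
    "billing-db": { awsDatabaseInstance: { rdsDatabaseInstance: { masterUsername: "AWSUser" } } },
    "ledger-db":  { awsDatabaseInstance: { rdsDatabaseInstance: { masterUsername: "svc_ledger_7f3" } } },
    "legacy-db":  { awsDatabaseInstance: {} },
};

// Returns one entry per failing instance: its label plus the check result.
function findFailures(inventory) {
    return Object.entries(inventory)
        .map(([label, settings]) => ({ label, ...validateStrict(settings) }))
        .filter((result) => !result.success);
}

for (const failure of findFailures(sampleInventory)) {
    console.log(`${failure.label}: ${failure.reason}`);
}
```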