AWS RDS Ensure CA Cert Is Configured

Description

Checks whether or not a CA cert is configured for use on an AWS RDS cluster.

Rationale

A configured CA cert is required to use TLS for encrypting connections to a database, preventing snooping on data while in transit.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag                             With Value
secureclouddb/provider          aws
secureclouddb/service           rds
secureclouddb/resource-type     db

Default Rule

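// isEmpty is taken from the `module` object available to the rule
const { isEmpty } = module

/**
 * @param {Object} databaseSettings - database settings object
 * @returns {{success: boolean}} success is true if a CA cert ID is set on the RDS database instance
 */
function validate(databaseSettings) {
    // Boolean() keeps success a strict true/false when a parent object is missing
    const success = Boolean(databaseSettings.awsDatabaseInstance &&
                            databaseSettings.awsDatabaseInstance.rdsDatabaseInstance &&
                            !isEmpty(databaseSettings.awsDatabaseInstance.rdsDatabaseInstance.caCertId))

    return {
        success,
    }
}

// invoke the rule against the settings object in scope
validate(databaseSettings);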
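
A stricter variant of the default rule above, added here as an example and not part of the original page or the product's own rules: the default rule passes for any non-empty CA cert ID, while this one also requires the ID to be on an approved list. The local isEmpty stand-in, the APPROVED_CA_IDS allowlist, the reason field and the sample settings are assumptions made for the example.

```javascript
// Stand-in for the isEmpty helper the default rule takes from `module` (assumption).
const isEmpty = (v) => v == null || (typeof v === 'string' && v.trim() === '');

// Assumed allowlist: replace with the CA identifiers your organisation approves for RDS.
const APPROVED_CA_IDS = new Set([
    'rds-ca-rsa2048-g1',
    'rds-ca-rsa4096-g1',
    'rds-ca-ecc384-g1',
]);

/**
 * @param {Object} databaseSettings - database settings object (same shape as the default rule)
 * @returns {{success: boolean, reason: string}} reason is a hypothetical extra field
 */
function validateApprovedCa(databaseSettings) {
    const instance = databaseSettings &&
                     databaseSettings.awsDatabaseInstance &&
                     databaseSettings.awsDatabaseInstance.rdsDatabaseInstance;
    const caCertId = instance ? instance.caCertId : undefined;

    if (isEmpty(caCertId)) {
        return { success: false, reason: 'no CA cert configured' };
    }
    if (!APPROVED_CA_IDS.has(String(caCertId).trim())) {
        return { success: false, reason: `CA cert ${caCertId} is not on the approved list` };
    }
    return { success: true, reason: 'approved CA cert configured' };
}

// Constructed sample inputs (not real resources).
const settingsFor = (caCertId) => ({ awsDatabaseInstance: { rdsDatabaseInstance: { caCertId } } });
const SAMPLES = {
    approved: settingsFor('rds-ca-rsa2048-g1'),
    unlisted: settingsFor('rds-ca-2019'),   // non-empty, so the default rule would pass it
    blank: settingsFor('  '),
    notRds: { awsDatabaseInstance: {} },    // no rdsDatabaseInstance object at all
};

// Evaluate every sample and return { sampleName: success } for inspection.
function runSamples() {
    return Object.fromEntries(
        Object.entries(SAMPLES).map(([name, s]) => [name, validateApprovedCa(s).success]));
}

console.log(runSamples());
```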