Ensure IAM Authentication Used for Access

Description

Checks whether IAM database authentication is enabled for access to an AWS RDS instance.

Rationale

Using IAM authentication lets clients authenticate to the database with short-lived tokens issued by AWS, instead of storing a static database user name and password.

It also lets you revoke database access by changing the IAM user's permissions, which simplifies user management.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag                            Value
secureclouddb/provider         aws
secureclouddb/service          rds
secureclouddb/resource-type    db

Default Rule

/**
 * @param {Object} databaseSettings - database settings object
 * @returns {{success: boolean}} success is true if the database instance has IAM authentication enabled
 */
function validate(databaseSettings) {
    // Walk the nested settings defensively: a missing level yields false
    // instead of a thrown TypeError, and Boolean() guarantees a real boolean
    // rather than undefined or an intermediate object.
    const success = Boolean(
        databaseSettings &&
        databaseSettings.awsDatabaseInstance &&
        databaseSettings.awsDatabaseInstance.rdsDatabaseInstance &&
        databaseSettings.awsDatabaseInstance.rdsDatabaseInstance.iamDbAuth
    );

    return {
        success,
    }
}

// invoke (databaseSettings is supplied by the rule engine at evaluation time)
validate(databaseSettings);
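The same check can be run outside the rule engine against the raw AWS API data. The following is an added example, not SecureCloudDB's rule code: it audits a DescribeDBInstances response (the output of `aws rds describe-db-instances`, where each entry carries the real `IAMDatabaseAuthenticationEnabled` flag) and lists every instance that does not have IAM database authentication enabled. It generalises the single-instance rule above to a whole account's worth of instances and treats a missing or malformed flag as "not enabled", so a bad record cannot pass by accident. The sample response is constructed, and the function names `hasIamAuth` and `auditIamAuth` are this example's own.

```javascript
// Added example (not SecureCloudDB's rule code): audit an RDS
// DescribeDBInstances response for instances lacking IAM DB authentication.
// Field names follow the AWS RDS API (DBInstances[].IAMDatabaseAuthenticationEnabled).

/**
 * Returns true only when IAM DB authentication is explicitly enabled.
 * null, non-objects, a missing flag, or a non-boolean value ("true") all
 * count as disabled, so the audit fails closed on malformed input.
 * @param {Object} dbInstance - one entry from DBInstances[]
 * @returns {boolean}
 */
function hasIamAuth(dbInstance) {
  return dbInstance !== null &&
         typeof dbInstance === 'object' &&
         dbInstance.IAMDatabaseAuthenticationEnabled === true;
}

/**
 * Evaluates every instance in a DescribeDBInstances response.
 * @param {Object} response - { DBInstances: [...] } as returned by the API
 * @returns {{compliant: string[], nonCompliant: string[]}} instance identifiers by result
 */
function auditIamAuth(response) {
  const instances = (response && Array.isArray(response.DBInstances))
    ? response.DBInstances
    : [];
  const result = { compliant: [], nonCompliant: [] };
  for (const inst of instances) {
    // Fall back to a placeholder so a record without an identifier is still reported.
    const id = (inst && inst.DBInstanceIdentifier) || '<unknown-identifier>';
    (hasIamAuth(inst) ? result.compliant : result.nonCompliant).push(id);
  }
  return result;
}

// Constructed sample shaped like `aws rds describe-db-instances` output
// (identifiers and engines are invented for this example).
const SAMPLE_RESPONSE = {
  DBInstances: [
    { DBInstanceIdentifier: 'orders-db',    Engine: 'mysql',    IAMDatabaseAuthenticationEnabled: true },
    { DBInstanceIdentifier: 'legacy-db',    Engine: 'postgres', IAMDatabaseAuthenticationEnabled: false },
    { DBInstanceIdentifier: 'reporting-db', Engine: 'mysql' }   // flag absent: treated as disabled
  ]
};

const report = auditIamAuth(SAMPLE_RESPONSE);
console.log('IAM auth enabled:  ', report.compliant.join(', '));
console.log('IAM auth disabled: ', report.nonCompliant.join(', '));
```

To run it against a real account, replace `SAMPLE_RESPONSE` with the parsed JSON from `aws rds describe-db-instances`; any identifier in `nonCompliant` is an instance that would fail the rule above.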