
Enable FIPS-compliant SSL Mode

Description

awsRedshiftEnsureUseFipsSslIsTrue.description.md

Rationale

Enable FIPS-compliant SSL mode only if your system is required to be FIPS-compliant.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag                       With Value
secureclouddb/provider    aws
secureclouddb/service     redshift

Default Rule

const { isAwsRedshift, getRedshiftClusterParameter } = aws

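/**
 * Passes only for a Redshift cluster whose 'use_fips_ssl' and 'require_ssl'
 * cluster parameters are both set to "true".
 *
 * @param {Object} databaseSettings - database settings object
 * @returns {{success: boolean}} success is true if the 'use_fips_ssl' and 'require_ssl' parameters are both "true"
 */
function validate(databaseSettings) {
    // Each lookup short-circuits to false when the database is not Redshift
    const useFipsSslParam =
        isAwsRedshift(databaseSettings) &&
        getRedshiftClusterParameter(databaseSettings, "use_fips_ssl")

    const requireSslParam =
        isAwsRedshift(databaseSettings) &&
        getRedshiftClusterParameter(databaseSettings, "require_ssl")

    // Coerce to a strict boolean so the result is always true or false,
    // not whichever falsy value short-circuited the && chain
    const success = Boolean(
        useFipsSslParam && useFipsSslParam.parameterValue === "true" &&
        requireSslParam && requireSslParam.parameterValue === "true"
    )

    return {
        success
    }
}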

// invoke
validate(databaseSettings);
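
The same check applied directly to the output of the AWS DescribeClusterParameters API (for example from `aws redshift describe-cluster-parameters`), reporting which parameter failed and why. This is an added example, not part of the rule engine or the original page; `checkFipsSsl` is a hypothetical helper and the sample responses are constructed.

```javascript
// Added example. Parameter names and the strict "true" comparison follow the
// rule above; the response shape follows DescribeClusterParameters.
const REQUIRED = ["require_ssl", "use_fips_ssl"];

/**
 * @param {{Parameters?: Array<{ParameterName: string, ParameterValue?: string}>}} response
 * @returns {{success: boolean, failures: string[]}}
 */
function checkFipsSsl(response) {
    // Index the parameter group by name for direct lookup
    const byName = new Map(
        (response.Parameters || []).map((p) => [p.ParameterName, p])
    );
    const failures = [];
    for (const name of REQUIRED) {
        const param = byName.get(name);
        if (!param) {
            // A parameter absent from the group is treated as a failure
            failures.push(`${name}: not present in parameter group`);
        } else if (param.ParameterValue !== "true") {
            failures.push(`${name}: expected "true", found "${param.ParameterValue}"`);
        }
    }
    return { success: failures.length === 0, failures };
}

// Constructed sample responses (not taken from a real cluster)
const compliant = { Parameters: [
    { ParameterName: "require_ssl", ParameterValue: "true" },
    { ParameterName: "use_fips_ssl", ParameterValue: "true" },
] };
const sslOnly = { Parameters: [
    { ParameterName: "require_ssl", ParameterValue: "true" },
    { ParameterName: "use_fips_ssl", ParameterValue: "false" },
] };
const missing = { Parameters: [
    { ParameterName: "enable_user_activity_logging", ParameterValue: "true" },
] };

for (const [label, sample] of Object.entries({ compliant, sslOnly, missing })) {
    console.log(label, JSON.stringify(checkFipsSsl(sample)));
}
```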