AWS RDS Security Patch Updates

Description

Ensures that an AWS RDS instance is kept up to date with security patches.

Rationale

Maintaining compliance with security patches is critical to ensuring that software vulnerabilities do not affect your security posture.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag                            With Value
secureclouddb/provider         aws
secureclouddb/service          rds
secureclouddb/resource-type    db

Default Rule

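/**
 * Checks that Auto Minor Version Upgrade is enabled on the RDS instance.
 *
 * @param {Object} databaseSettings - database settings object
 * @returns {{success: boolean}} success is true if the database instance has Auto Minor Version upgrade enabled
 */
function validate(databaseSettings) {
    // A missing level anywhere in the settings object counts as a failure;
    // Boolean() keeps `success` a strict true/false instead of undefined or an object.
    const success = Boolean(databaseSettings &&
        databaseSettings.awsDatabaseInstance &&
        databaseSettings.awsDatabaseInstance.rdsDatabaseInstance &&
        databaseSettings.awsDatabaseInstance.rdsDatabaseInstance.maintenance &&
        databaseSettings.awsDatabaseInstance.rdsDatabaseInstance.maintenance.autoMinorVersionUpgrade)

    return {
        success,
    }
}

// invoke
validate(databaseSettings);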
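
The following is an added example, not part of the product's own rule code: it applies the tag filter and the default rule's check to a constructed inventory and reports why each instance fails, separating a missing settings block from a disabled setting. The `name`, `tags` and `settings` wrapper fields and the `ruleApplies`, `evaluate` and `rds` helpers are assumptions made for this illustration.

```javascript
// Tag names/values and the settings path come from the rule above; the
// `name`, `tags` and `settings` wrapper fields are assumptions for this example.
const REQUIRED_TAGS = {
    'secureclouddb/provider': 'aws',
    'secureclouddb/service': 'rds',
    'secureclouddb/resource-type': 'db',
};
const PATH = ['awsDatabaseInstance', 'rdsDatabaseInstance', 'maintenance', 'autoMinorVersionUpgrade'];

// The rule applies only when every required tag is present with the listed value.
function ruleApplies(tags) {
    return tags != null &&
        Object.entries(REQUIRED_TAGS).every(([key, value]) => tags[key] === value);
}

// Walk the same path as the default rule, but report where it stopped.
function evaluate(resource) {
    const { name } = resource;
    if (!ruleApplies(resource.tags)) {
        return { name, status: 'skipped', reason: 'rule tags not present' };
    }
    let node = resource.settings;
    for (const key of PATH) {
        if (node == null || typeof node !== 'object' || !(key in node)) {
            return { name, status: 'fail', reason: `missing ${key}` };
        }
        node = node[key];
    }
    // Same truthiness test as the default rule.
    return node
        ? { name, status: 'pass', reason: 'autoMinorVersionUpgrade enabled' }
        : { name, status: 'fail', reason: 'autoMinorVersionUpgrade disabled' };
}

// Wrap a maintenance block in the nesting the rule expects.
const rds = (maintenance) => ({ awsDatabaseInstance: { rdsDatabaseInstance: { maintenance } } });

// Constructed sample inventory (not real resources).
const inventory = [
    { name: 'orders-db', tags: REQUIRED_TAGS, settings: rds({ autoMinorVersionUpgrade: true }) },
    { name: 'billing-db', tags: REQUIRED_TAGS, settings: rds({ autoMinorVersionUpgrade: false }) },
    { name: 'legacy-db', tags: REQUIRED_TAGS, settings: { awsDatabaseInstance: { rdsDatabaseInstance: {} } } },
    { name: 'untagged-db', tags: { 'secureclouddb/provider': 'aws' }, settings: rds({ autoMinorVersionUpgrade: true }) },
];

const results = inventory.map(evaluate);
for (const r of results) {
    console.log(`${r.status.toUpperCase().padEnd(7)} ${r.name}: ${r.reason}`);
}
```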