terraform.aws.best-practice.aws-rds-cluster-iam-authentication-not-enabled.aws-rds-cluster-iam-authentication-not-enabled
semgrep
Author
unknown
The AWS RDS Cluster is not configured to use IAM authentication. Consider using IAM for authentication.
Definition
rules:
- id: aws-rds-cluster-iam-authentication-not-enabled
  patterns:
  - pattern: |
      resource "aws_rds_cluster" $ANYTHING {
        ...
      }
  - pattern-not-inside: |
      resource "aws_rds_cluster" $ANYTHING {
        ...
        iam_database_authentication_enabled = true
        ...
      }
  message: The AWS RDS Cluster is not configured to use IAM authentication.
    Consider using IAM for authentication.
  languages:
  - hcl
  severity: WARNING
  metadata:
    category: best-practice
    technology:
    - terraform
    - aws
    license: Commons Clause License Condition v1.0[LGPL-2.1-only]
Examples
aws-rds-cluster-iam-authentication-not-enabled.tf
# pass
resource "aws_rds_cluster" "enabled" {
  master_username = "username"
  master_password = "password"
  iam_database_authentication_enabled = true
}

# failure
# ruleid: aws-rds-cluster-iam-authentication-not-enabled
resource "aws_rds_cluster" "default" {
  master_username = "username"
  master_password = "password"
}

# ruleid: aws-rds-cluster-iam-authentication-not-enabled
resource "aws_rds_cluster" "disabled" {
  master_username = "username"
  master_password = "password"
  iam_database_authentication_enabled = false
}
Short Link: https://sg.run/eX3b