terraform.aws.best-practice.aws-rds-cluster-iam-authentication-not-enabled.aws-rds-cluster-iam-authentication-not-enabled

Author: unknown
The AWS RDS Cluster is not configured to use IAM authentication. Consider using IAM for authentication.

Definition

rules:
  - id: aws-rds-cluster-iam-authentication-not-enabled
    patterns:
      - pattern: |
          resource "aws_rds_cluster" $ANYTHING {
            ...
          }
      - pattern-not-inside: |
          resource "aws_rds_cluster" $ANYTHING {
            ...
            iam_database_authentication_enabled = true
            ...
          }
    message: The AWS RDS Cluster is not configured to use IAM authentication.
      Consider using IAM for authentication.
    languages:
      - hcl
    severity: WARNING
    metadata:
      category: best-practice
      technology:
        - terraform
        - aws
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]

Examples

aws-rds-cluster-iam-authentication-not-enabled.tf

# pass

resource "aws_rds_cluster" "enabled" {
  master_username         = "username"
  master_password         = "password"

  iam_database_authentication_enabled = true
}

# failure
# ruleid: aws-rds-cluster-iam-authentication-not-enabled
resource "aws_rds_cluster" "default" {
  master_username         = "username"
  master_password         = "password"
}
# ruleid: aws-rds-cluster-iam-authentication-not-enabled
resource "aws_rds_cluster" "disabled" {
  master_username         = "username"
  master_password         = "password"

  iam_database_authentication_enabled = false
}
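To make the `pattern` / `pattern-not-inside` pair concrete, here is an added stand-alone re-implementation of the rule's logic in Python (written for this page, not Semgrep's engine and not part of the registry entry). It assumes brace-balanced HCL and uses the three sample resources above as constructed input; unlike Semgrep it does not distinguish nested blocks from the top level.

```python
import re

# Constructed sample input: the three resources from this page's example file.
SAMPLE_TF = """
resource "aws_rds_cluster" "enabled" {
  master_username         = "username"
  master_password         = "password"
  iam_database_authentication_enabled = true
}

resource "aws_rds_cluster" "default" {
  master_username         = "username"
  master_password         = "password"
}

resource "aws_rds_cluster" "disabled" {
  master_username         = "username"
  master_password         = "password"
  iam_database_authentication_enabled = false
}
"""

# Equivalent of the rule's `pattern`: any aws_rds_cluster resource header.
_HEADER = re.compile(r'resource\s+"aws_rds_cluster"\s+"([^"]+)"\s*\{')
# Equivalent of `pattern-not-inside`: the flag explicitly set to true.
_ENABLED = re.compile(r'^\s*iam_database_authentication_enabled\s*=\s*true\s*$', re.M)


def _block_body(text, start):
    """Return the text between the '{' at `start` and its matching '}'."""
    depth = 0
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start + 1:i]
    raise ValueError("unbalanced braces in HCL input")


def find_clusters_without_iam_auth(text):
    """Names of aws_rds_cluster resources whose body does not set
    iam_database_authentication_enabled = true (attribute missing or false)."""
    flagged = []
    for m in _HEADER.finditer(text):
        body = _block_body(text, m.end() - 1)  # m.end() - 1 is the '{'
        if not _ENABLED.search(body):
            flagged.append(m.group(1))
    return flagged
```

Enabling the cluster-level flag is only the Terraform side of IAM database authentication; database users must also be created for IAM authentication and callers need an IAM policy allowing `rds-db:connect`.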