terraform.aws.best-practice.aws-rds-iam-authentication-not-enabled.aws-rds-iam-authentication-not-enabled
semgrep
This `aws_db_instance` does not enable IAM database authentication (`iam_database_authentication_enabled` is absent or `false`), so every connection depends on the long-lived master password. Set `iam_database_authentication_enabled = true` so database users can be mapped to IAM principals and connect with short-lived IAM tokens. IAM database authentication is available for the MySQL, MariaDB and PostgreSQL engines.
Definition
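rules:
  - id: aws-rds-iam-authentication-not-enabled
    # Report every aws_db_instance that does not explicitly set
    # iam_database_authentication_enabled = true. AWS leaves IAM database
    # authentication off unless the attribute is set, so an omitted attribute
    # and an explicit `= false` are both reported.
    #
    # Only a literal `true` is accepted. A value computed from a variable or
    # local (e.g. `var.iam_auth`) is still reported; this is deliberate, since
    # the rule cannot evaluate it and a false positive is cheaper than silently
    # passing a module that is sometimes deployed without IAM auth. Suppress
    # such cases with `# nosemgrep: aws-rds-iam-authentication-not-enabled`.
    #
    # Enabling the attribute only permits IAM authentication; the database-side
    # users still have to be created with the engine's IAM mechanism (the
    # rds_iam role on PostgreSQL, AWSAuthenticationPlugin on MySQL/MariaDB),
    # which cannot be verified from Terraform and is out of scope here.
    patterns:
      - pattern: |
          resource "aws_db_instance" $ANYTHING {
            ...
          }
      - pattern-not-inside: |
          resource "aws_db_instance" $ANYTHING {
            ...
            iam_database_authentication_enabled = true
            ...
          }
    message: >-
      RDS instance $ANYTHING does not enable IAM database authentication.
      Set `iam_database_authentication_enabled = true` so database users can be
      mapped to IAM principals and connect with short-lived IAM tokens instead
      of relying only on a long-lived master password. IAM database
      authentication is available for the MySQL, MariaDB and PostgreSQL
      engines; for engines that do not support it (for example Oracle or SQL
      Server) suppress this finding with a nosemgrep comment.
    languages:
      - hcl
    severity: WARNING
    metadata:
      category: best-practice
      technology:
        - terraform
        - aws
      references:
        - https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html
        - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance#iam_database_authentication_enabled
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]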
Examples
aws-rds-iam-authentication-not-enabled.tf
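# pass
# IAM database authentication is explicitly enabled on a MySQL engine (the
# original fixture used engine = "postgres" under a "mysql" name).
# The username/password are placeholder test values, not a recommendation:
# with IAM auth enabled, database users can additionally be mapped to IAM
# principals and connect with short-lived tokens.
# ok: aws-rds-iam-authentication-not-enabled
resource "aws_db_instance" "enabled_mysql" {
  allocated_storage                   = 5
  engine                              = "mysql"
  instance_class                      = "db.t3.small"
  password                            = "password"
  username                            = "username"
  iam_database_authentication_enabled = true
}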
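# IAM database authentication explicitly enabled on a PostgreSQL engine.
# Annotated so the test harness also verifies that no finding is produced.
# ok: aws-rds-iam-authentication-not-enabled
resource "aws_db_instance" "enabled_postgres" {
  allocated_storage                   = 5
  engine                              = "postgres"
  instance_class                      = "db.t3.small"
  password                            = "password"
  username                            = "username"
  iam_database_authentication_enabled = true
}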
# failure
# The attribute is omitted entirely. AWS leaves IAM database authentication
# off unless it is requested, so the omission is reported.
# ruleid: aws-rds-iam-authentication-not-enabled
resource "aws_db_instance" "default_mysql" {
  engine            = "mysql"
  instance_class    = "db.t3.small"
  allocated_storage = 5
  username          = "username"
  password          = "password"
}
# Same omission on a PostgreSQL engine: reported for the same reason.
# ruleid: aws-rds-iam-authentication-not-enabled
resource "aws_db_instance" "default_postgres" {
  engine            = "postgres"
  instance_class    = "db.t3.small"
  allocated_storage = 5
  username          = "username"
  password          = "password"
}
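# Explicit `false` is reported exactly like an omitted attribute (the
# original fixture used engine = "postgres" under a "mysql" name).
# ruleid: aws-rds-iam-authentication-not-enabled
resource "aws_db_instance" "disabled_mysql" {
  allocated_storage                   = 5
  engine                              = "mysql"
  instance_class                      = "db.t3.small"
  password                            = "password"
  username                            = "username"
  iam_database_authentication_enabled = false
}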
# Explicit `false` on a PostgreSQL engine: reported like an omission.
# ruleid: aws-rds-iam-authentication-not-enabled
resource "aws_db_instance" "disabled_postgres" {
  engine                              = "postgres"
  instance_class                      = "db.t3.small"
  allocated_storage                   = 5
  username                            = "username"
  password                            = "password"
  iam_database_authentication_enabled = false
}
# MariaDB on RDS also supports IAM database authentication, so a MariaDB
# instance without the attribute is reported exactly like MySQL/PostgreSQL.
# ruleid: aws-rds-iam-authentication-not-enabled
resource "aws_db_instance" "mariadb" {
  allocated_storage = 5
  engine            = "mariadb"
  instance_class    = "db.t3.small"
  password          = "password"
  username          = "username"
}