AWS-RDS-RDS-IAM-Database-Authentication-Enabled

Severity: High

Description: This control ensures that IAM DB Authentication is enabled for RDS DB instances. With IAM Database Authentication, authentication tokens are issued and used for logging in instead of passwords. This provides central management of users and a better security model for authentication. Any traffic to and from the database is encrypted using Secure Sockets Layer (SSL).

Remediation Steps:

Perform the following to update authentication for RDS:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com.

  2. Navigate to the RDS console.

  3. In the navigation pane, click Databases.

  4. Click the database instance to be modified, then click Modify.

  5. Under Database options, choose Enable IAM DB authentication.

  6. Click Continue.

  7. Under Scheduling of modifications, select Apply Immediately.

  8. Click Modify DB Instance.

Important:

  • The security tokens are valid for only 15 minutes.

  • IAM Database Authentication is available only for MySQL and PostgreSQL, with MySQL 5.6 version 5.6.34, MySQL 5.7 version 5.7.16, PostgreSQL 10.6 version 10.6.11 and PostgreSQL 9.5 version 9.5.15 or higher.
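
The check and the console remediation above, as an added Python example that is not part of the original page or the vendor's own check logic. It assumes a boto3 RDS client is passed in as `rds` (for live use, `list_instances(boto3.client("rds"))`); the instance names in `SAMPLE` are constructed, and the engine filter uses the RDS engine names `mysql` and `postgres`.

```python
SUPPORTED_ENGINES = {"mysql", "postgres"}  # engines the page lists as supported
# Constructed sample, shaped like describe_db_instances()["DBInstances"].
def _db(name, engine, status, iam):
    return {"DBInstanceIdentifier": name, "Engine": engine,
            "DBInstanceStatus": status, "IAMDatabaseAuthenticationEnabled": iam}

SAMPLE = [
    _db("orders-db", "mysql", "available", False),
    _db("users-db", "postgres", "available", True),
    _db("legacy-db", "oracle-se2", "available", False),
    _db("reports-db", "postgres", "modifying", False),
]

def list_instances(rds):
    """Collect every DB instance record, following pagination."""
    pages = rds.get_paginator("describe_db_instances").paginate()
    return [db for page in pages for db in page["DBInstances"]]

def classify(instances):
    """Bucket instance identifiers by their state against this control."""
    result = {"compliant": [], "noncompliant": [], "not_applicable": []}
    for db in instances:
        if db.get("Engine") not in SUPPORTED_ENGINES:
            bucket = "not_applicable"
        elif db.get("IAMDatabaseAuthenticationEnabled"):
            bucket = "compliant"
        else:
            bucket = "noncompliant"
        result[bucket].append(db["DBInstanceIdentifier"])
    return result

def remediate(rds, instances, apply=False):
    """Enable IAM DB auth on failing instances; dry run unless apply=True."""
    failing = set(classify(instances)["noncompliant"])
    changed, skipped = [], []
    for db in instances:
        ident = db["DBInstanceIdentifier"]
        if ident not in failing:
            continue
        if db.get("DBInstanceStatus") != "available":
            skipped.append(ident)  # not modifiable until the instance is available
            continue
        if apply:  # same settings as console steps 5 and 7
            rds.modify_db_instance(DBInstanceIdentifier=ident, ApplyImmediately=True,
                                   EnableIAMDatabaseAuthentication=True)
        changed.append(ident)
    return changed, skipped  # with apply=False, changed lists what would be modified

if __name__ == "__main__":
    print(classify(SAMPLE), remediate(None, SAMPLE))
```

Run it with `apply=False` first and review the returned lists; skipped instances need a second pass once they return to the available state.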


Blue Hexagon Proprietary