AWS Config Rule: RDS Instance IAM Authentication Enabled

RDS_INSTANCE_IAM_AUTHENTICATION_ENABLED

Eduardo Van Cauteren

Last Update 6 months ago

Description: Checks if an Amazon Relational Database Service (Amazon RDS) instance has AWS Identity and Access Management (IAM) authentication enabled. This rule is NON_COMPLIANT if an Amazon RDS instance does not have AWS IAM authentication enabled.


Trigger type: Configuration changes


AWS Region: All supported AWS regions except Africa (Cape Town), Asia Pacific (Hong Kong), Asia Pacific (Osaka), and Europe (Spain)


How to Resolve Manually

This rule checks whether Identity and Access Management (IAM) authentication is enabled for a specific Amazon RDS database instance. If the database authentication is configured as password authentication, the rule reports the instance as non-compliant.


Note: for this Config Rule to work, the DB Engine should be one of 'mysql', 'postgres', 'aurora', 'aurora-mysql', or 'aurora-postgresql'. The DB instance status should be one of 'available', 'backing-up', 'storage-optimization', or 'storage-full'.

To check the current database authentication of an instance, open the AWS Console, go to RDS, and click DB Instances in the Dashboard. Click the name of the desired database and open the Configuration tab to see the current IAM DB authentication status. If it is Disabled, click the Modify button to open the configuration screen, find the Database authentication card, and choose the Password and IAM database authentication option. Click Continue to review the Summary of modifications, then click the Modify DB Instance button to apply the changes.
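To run the same check across many instances instead of clicking through each one, the following added example (not StackZone or AWS code) applies the engine and status scope from the Note to DescribeDBInstances records. The sample records are constructed, and the NOT_APPLICABLE verdict for out-of-scope instances is this script's own assumption.

```python
# Added example: offline re-implementation of the check described on this page.
# Scope values come from the Note above; field names are those returned by
# the RDS DescribeDBInstances API.
IN_SCOPE_ENGINES = {"mysql", "postgres", "aurora", "aurora-mysql", "aurora-postgresql"}
IN_SCOPE_STATUSES = {"available", "backing-up", "storage-optimization", "storage-full"}

def evaluate_instance(db):
    """Return a verdict for one DescribeDBInstances record."""
    # Assumption: instances outside the Note's scope are reported as NOT_APPLICABLE.
    if db.get("Engine") not in IN_SCOPE_ENGINES:
        return "NOT_APPLICABLE"
    if db.get("DBInstanceStatus") not in IN_SCOPE_STATUSES:
        return "NOT_APPLICABLE"
    # A missing flag is treated the same as False (password authentication only).
    if db.get("IAMDatabaseAuthenticationEnabled") is True:
        return "COMPLIANT"
    return "NON_COMPLIANT"

def evaluate_fleet(instances):
    """Map each instance identifier to its verdict."""
    return {db["DBInstanceIdentifier"]: evaluate_instance(db) for db in instances}

def non_compliant(instances):
    """Sorted identifiers that need the Modify step described above."""
    return sorted(i for i, v in evaluate_fleet(instances).items() if v == "NON_COMPLIANT")

def fetch_instances(region):
    """Live input: needs boto3 and the rds:DescribeDBInstances permission."""
    import boto3  # imported here so the offline sample runs without it
    rds = boto3.client("rds", region_name=region)
    found = []
    for page in rds.get_paginator("describe_db_instances").paginate():
        found.extend(page["DBInstances"])
    return found

# Constructed sample records (not real instances).
SAMPLE = [
    {"DBInstanceIdentifier": "orders-mysql", "Engine": "mysql",
     "DBInstanceStatus": "available", "IAMDatabaseAuthenticationEnabled": False},
    {"DBInstanceIdentifier": "billing-pg", "Engine": "postgres",
     "DBInstanceStatus": "available", "IAMDatabaseAuthenticationEnabled": True},
    {"DBInstanceIdentifier": "legacy-oracle", "Engine": "oracle-ee",
     "DBInstanceStatus": "available", "IAMDatabaseAuthenticationEnabled": False},
    {"DBInstanceIdentifier": "staging-pg", "Engine": "postgres",
     "DBInstanceStatus": "creating", "IAMDatabaseAuthenticationEnabled": False},
    {"DBInstanceIdentifier": "reports-aurora", "Engine": "aurora-mysql",
     "DBInstanceStatus": "backing-up"},
]

if __name__ == "__main__":
    for ident, verdict in evaluate_fleet(SAMPLE).items():
        print(f"{ident}: {verdict}")
```

Pass the result of fetch_instances("<region>") to non_compliant() to list the instances in an account that still use password authentication only.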

