AWS Config Rule: RDS Instance IAM Authentication Enabled

Description: Checks if an Amazon Relational Database Service (Amazon RDS) instance has AWS Identity and Access Management (IAM) authentication enabled. This rule is NON_COMPLIANT if an Amazon RDS instance does not have AWS IAM authentication enabled.

Trigger type: Configuration changes

AWS Region: All supported AWS regions except Asia Pacific (Jakarta), Africa (Cape Town), Asia Pacific (Hong Kong), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Europe (Spain), Europe (Zurich) Region

This rules checks whether Identity and Access Management (IAM) authentication is enabled for a specific Amazon RDS database instance. If the database authentication is configured as password authentication, the rule will be marked as non-compliant.

Note: for this Config Rule to work, the DB Engine should be one of 'mysql', 'postgres', 'aurora', 'aurora-mysql', or 'aurora-postgresq'. The DB instance status should be one of 'available', 'backing-up', 'storage-optimization', or 'storage-full'.

To check the current database authentication of an instance, head to AWS Console, go to RDS and click on DB Instances from within the Dashboard. Then click on the name of the desired database and go to the Configuration tab to check the current IAM DB authentication status. In case it's Disabled, click on Modify button to open the configuration screen then look for the Database authentication card and choose the Password and IAM database authentication option; click Continue to review the Summary of modifications then finally click on Modify DB Instance button to apply changes. Check the following screenshot as reference:

Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here