IAM authentication should be configured for RDS instances
Severity: Medium
Resource Types: AWS::RDS::DBInstance
Description
This control checks whether an RDS DB instance has IAM database authentication enabled.
IAM database authentication allows authentication to database instances with an authentication token instead of a password. Network traffic to and from the database is encrypted using SSL.
Remediation
To remediate this issue, update your DB instance to enable IAM authentication.
To enable IAM authentication for an existing DB instance
- Open the Amazon RDS console.
- Choose Databases.
- Select the DB instance to modify.
- Choose Modify.
- Under Database options, choose Enable IAM DB authentication.
- Choose Continue.
- Under Scheduling of modifications, choose when to apply modifications. The options are Apply during the next scheduled maintenance window or Apply immediately.
- For clusters, choose Modify DB Instance.
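
The check and the console steps above can also be scripted. The following is an added example, not part of the original control text or AWS's own implementation: it evaluates output shaped like `aws rds describe-db-instances --output json` and prints the AWS CLI equivalent of the remediation for each failing instance. The sample data and function names are constructed for illustration, and targeting `modify-db-cluster` for cluster members is an assumption.

```python
import json
import shlex

# Constructed sample shaped like `aws rds describe-db-instances --output json`.
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-db", "Engine": "postgres",
   "IAMDatabaseAuthenticationEnabled": true},
  {"DBInstanceIdentifier": "legacy-db", "Engine": "mysql",
   "IAMDatabaseAuthenticationEnabled": false},
  {"DBInstanceIdentifier": "reports-1", "Engine": "aurora-mysql",
   "DBClusterIdentifier": "reports", "IAMDatabaseAuthenticationEnabled": false}
]}
""")


def remediation(inst, apply_immediately=False):
    """Build the AWS CLI equivalent of the console steps for one instance."""
    cluster = inst.get("DBClusterIdentifier")
    if cluster:  # assumption: cluster members are changed on the cluster
        cmd = ["aws", "rds", "modify-db-cluster",
               "--db-cluster-identifier", cluster]
    else:
        cmd = ["aws", "rds", "modify-db-instance",
               "--db-instance-identifier", inst["DBInstanceIdentifier"]]
    cmd.append("--enable-iam-database-authentication")
    # Mirrors the "Scheduling of modifications" choice in the console.
    cmd.append("--apply-immediately" if apply_immediately
               else "--no-apply-immediately")
    return " ".join(shlex.quote(part) for part in cmd)


def evaluate(response, apply_immediately=False):
    """Return one finding per DB instance; FAILED findings carry a fix."""
    findings = []
    for inst in response.get("DBInstances", []):
        # A missing field is treated as disabled so gaps fail closed.
        enabled = inst.get("IAMDatabaseAuthenticationEnabled", False) is True
        finding = {"resource": inst["DBInstanceIdentifier"],
                   "status": "PASSED" if enabled else "FAILED"}
        if not enabled:
            finding["remediation"] = remediation(inst, apply_immediately)
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in evaluate(SAMPLE):
        print(f["status"], f["resource"], f.get("remediation", ""))
```

To run it against a real account, pass the parsed JSON from `aws rds describe-db-instances --output json` to `evaluate` in place of `SAMPLE`.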