# METADATA
# title: "RDS IAM Database Authentication Disabled"
# description: "Ensure IAM Database Authentication is enabled for RDS database instances to manage database access"
# scope: package
# schemas:
# - input: schema["cloud"]
# related_resources:
# - https://docs.aws.amazon.com/neptune/latest/userguide/iam-auth.html
# custom:
#   avd_id: AVD-AWS-0176
#   provider: aws
#   service: rds
#   severity: MEDIUM
#   short_code: enable-iam-auth
#   recommended_action: "Modify the PostgreSQL and MySQL type RDS instances to enable IAM database authentication."
#   input:
#     selector:
#     - type: cloud
#       subtypes:
#         - service: rds
#           provider: aws
package builtin.aws.rds.aws0176

# NOTE(review): the related_resources entry above links to the Neptune user
# guide, while this check evaluates RDS instances. Consider pointing it at the
# IAM database authentication page of the RDS user guide instead.

# deny yields one result per RDS instance that runs a PostgreSQL or MySQL
# engine and does not have IAM database authentication switched on.
#
# An instance is reported when its iamauthenabled value is false or missing
# altogether: `not` succeeds in both cases, so an instance with no recorded
# setting is treated the same as one with the feature disabled.
#
# NOTE(review): the engine test is an exact match against the two strings
# below. An instance reporting any other engine value is never flagged here;
# confirm which engine strings the input can carry before relying on this
# check for full coverage.
deny[res] {
	some idx
	db := input.aws.rds.instances[idx]

	# Engines in scope for this check; set lookup is undefined (rule body
	# fails) for every other engine value.
	checked_engines := {"postgres", "mysql"}
	checked_engines[db.engine.value]

	not db.iamauthenabled.value

	# The iamauthenabled attribute is handed to result.new together with the
	# message; presumably it is what ties the finding to that attribute in the
	# scanned resource (result.new is defined outside this file).
	res := result.new("Instance does not have IAM Authentication enabled", db.iamauthenabled)
}