RDS database does not have IAM authentication enabled

Description

IAM authentication leverages AWS Identity and Access Management (IAM) to authenticate users and applications attempting to access your RDS database. This method provides enhanced security over traditional password-based authentication by enabling the use of fine-grained IAM policies and multi-factor authentication (MFA) to enforce access controls. By utilizing IAM roles and policies, you can manage and restrict database access more efficiently, ensuring that only authorized entities with the appropriate permissions can establish connections.

Fix - Buildtime

Terraform

  • Resource: aws_db_instance
  • Argument: iam_database_authentication_enabled

```go aws_s3_bucket.test.tf
resource "aws_db_instance" "test" {
  …
+ iam_database_authentication_enabled = true
}
```
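As an added example (not part of the original policy page or any scanner's own code), the following Python check reads the JSON form of a Terraform plan, as produced by `terraform show -json`, and lists every planned `aws_db_instance` whose `iam_database_authentication_enabled` is not `true`. The sample plan and its resource names are constructed for illustration.

```python
import json

# Constructed sample: trimmed output of `terraform show -json plan.out`.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "aws_db_instance.ok", "type": "aws_db_instance",
     "change": {"actions": ["create"],
                "after": {"engine": "mysql", "iam_database_authentication_enabled": true}}},
    {"address": "aws_db_instance.explicit_false", "type": "aws_db_instance",
     "change": {"actions": ["update"],
                "after": {"engine": "postgres", "iam_database_authentication_enabled": false}}},
    {"address": "aws_db_instance.unset", "type": "aws_db_instance",
     "change": {"actions": ["create"], "after": {"engine": "mysql"}}},
    {"address": "aws_db_instance.retired", "type": "aws_db_instance",
     "change": {"actions": ["delete"], "after": null}},
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "change": {"actions": ["create"], "after": {"bucket": "example-logs"}}}
  ]
}
""")


def rds_without_iam_auth(plan: dict) -> list[str]:
    """Return addresses of planned aws_db_instance resources lacking IAM auth."""
    failing = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_db_instance":
            continue
        after = rc.get("change", {}).get("after")
        if after is None:  # resource is being destroyed; nothing to check
            continue
        # Absent or null counts as disabled: IAM auth is off unless set to true.
        if after.get("iam_database_authentication_enabled") is not True:
            failing.append(rc["address"])
    return failing


if __name__ == "__main__":
    bad = rds_without_iam_auth(SAMPLE_PLAN)
    for address in bad:
        print(f"FAIL {address}: iam_database_authentication_enabled is not true")
    raise SystemExit(1 if bad else 0)
```

Run against a real plan by loading the output of `terraform show -json` in place of `SAMPLE_PLAN`; the non-zero exit status lets a CI job block the change.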


## CloudFormation

- **Resource:** AWS::RDS::DBInstance
- **Argument:** Properties.EnableIAMDatabaseAuthentication

```yaml
Resources:
  DB:
    Type: 'AWS::RDS::DBInstance'
    Properties:
      Engine: 'mysql' # or 'postgres'
      ...
+     EnableIAMDatabaseAuthentication: true
```