RDS cluster does not have IAM authentication enabled

Description

IAM authentication utilizes AWS Identity and Access Management (IAM) to authenticate both users and applications connecting to your RDS database. This approach enhances security compared to traditional password-based authentication by enabling the application of granular IAM policies and the enforcement of multi-factor authentication (MFA) for access control. It allows for centralized management of access credentials, ensuring that only authorized entities with appropriate IAM roles and permissions can interact with the database.

Fix - Buildtime

## Terraform

- **Resource:** aws_rds_cluster
- **Argument:** iam_database_authentication_enabled

```hcl
resource "aws_rds_cluster" "enabled" {
  ...
+ iam_database_authentication_enabled = true
}
```
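
One way to enforce this setting before deployment, as an added example (not code from the original page or from any policy engine): it flags `aws_rds_cluster` resources in Terraform plan JSON (the `planned_values` layout of `terraform show -json`) and `AWS::RDS::DBCluster` resources in a parsed CloudFormation template whose `EnableIAMDatabaseAuthentication` property is not a literal true. The sample plan, template and function names are constructed for illustration, and reporting an unresolved `Ref` as failing is an assumption of this sketch.

```python
RDS_CFN_TYPE = "AWS::RDS::DBCluster"
RDS_TF_TYPE = "aws_rds_cluster"

def _is_true(value):
    """Accept only a literal true (or the string "true"); anything else fails."""
    if isinstance(value, bool):
        return value
    return isinstance(value, str) and value.strip().lower() == "true"

def check_cloudformation(template):
    """Logical IDs of DB clusters without EnableIAMDatabaseAuthentication: true."""
    failing = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties") or {}
        if res.get("Type") == RDS_CFN_TYPE and not _is_true(
                props.get("EnableIAMDatabaseAuthentication")):
            failing.append(name)
    return sorted(failing)

def check_terraform_plan(plan):
    """Addresses of aws_rds_cluster resources failing the check, modules included."""
    failing = []
    def walk(module):
        for res in module.get("resources", []):
            values = res.get("values") or {}
            if res.get("type") == RDS_TF_TYPE and not _is_true(
                    values.get("iam_database_authentication_enabled")):
                failing.append(res["address"])
        for child in module.get("child_modules", []):
            walk(child)
    walk(plan.get("planned_values", {}).get("root_module", {}))
    return sorted(failing)

# Constructed sample inputs (not from the original page).
CFN_TEMPLATE = {"Resources": {
    "Enabled": {"Type": RDS_CFN_TYPE, "Properties": {"EnableIAMDatabaseAuthentication": True}},
    "Missing": {"Type": RDS_CFN_TYPE, "Properties": {"Engine": "aurora-mysql"}},
    # Assumption: an unresolved intrinsic (Ref to a parameter) is reported as failing.
    "ViaParam": {"Type": RDS_CFN_TYPE, "Properties": {"EnableIAMDatabaseAuthentication": {"Ref": "IamAuth"}}},
    "Bucket": {"Type": "AWS::S3::Bucket"},
}}
TF_PLAN = {"planned_values": {"root_module": {
    "resources": [{"address": "aws_rds_cluster.enabled", "type": RDS_TF_TYPE,
                   "values": {"iam_database_authentication_enabled": True}}],
    "child_modules": [{"resources": [{"address": "module.db.aws_rds_cluster.legacy", "type": RDS_TF_TYPE,
                                      "values": {"iam_database_authentication_enabled": None}}]}],
}}}
if __name__ == "__main__":
    print(check_cloudformation(CFN_TEMPLATE), check_terraform_plan(TF_PLAN))
```

A null value in the plan means the argument was left unset, so the cluster in the child module is reported even though nothing explicitly disables IAM authentication.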


## CloudFormation

- **Resource:** AWS::RDS::DBCluster
- **Argument:** Properties.EnableIAMDatabaseAuthentication

```yaml
Resources:
  Enabled:
    Type: 'AWS::RDS::DBCluster'
    Properties:
      ...
+     EnableIAMDatabaseAuthentication: true
```