Vendor services misconfigurations

RDS database instance has IAM database authentication disabled

Platform(s)
Compliance Frameworks
  • AWS Foundational Security Best Practices Controls
  • Brazilian General Data Protection (LGPD)
  • CCPA
  • coppa
  • CPRA
  • Data Security Posture Management (DSPM) Best Practices
  • GDPR
  • HITRUST
  • iso_27001_2022
  • iso_27002_2022
  • New Zealand Information Security Manual
  • NIST 800-171
  • NIST 800-53
  • Orca Best Practices
  • PDPA
  • pipeda
  • UK Cyber Essentials

Description

The IAM database authentication feature is disabled for the RDS instance {AwsRdsDbInstance}. With the feature enabled, AWS RDS generates a short-lived token (it expires after 15 minutes) for every authentication request, so users don't have to store or manage passwords. The feature also supports traffic encryption and central credential management. To uphold high levels of data security, it's recommended to enable this feature.
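
One way to check an account for this condition, as an added example rather than Orca's own detection logic: the function below walks a DescribeDBInstances response and reports instances whose `IAMDatabaseAuthenticationEnabled` field is off. The instance names and the sample response are constructed, and the engine allow-list is an assumption based on AWS documentation.

```python
# Engines where IAM database authentication is set per DB instance
# (MySQL, MariaDB, PostgreSQL). Aurora members are skipped because the
# setting lives on the DB cluster; other engines do not offer it.
IAM_AUTH_ENGINES = {"mysql", "mariadb", "postgres"}

# Constructed sample in the shape of a DescribeDBInstances response
# (the same dict boto3's rds.describe_db_instances() returns).
SAMPLE_RESPONSE = {
    "DBInstances": [
        {"DBInstanceIdentifier": "orders-db", "Engine": "mysql",
         "IAMDatabaseAuthenticationEnabled": False},
        {"DBInstanceIdentifier": "analytics-db", "Engine": "postgres",
         "IAMDatabaseAuthenticationEnabled": True},
        {"DBInstanceIdentifier": "legacy-db", "Engine": "oracle-ee",
         "IAMDatabaseAuthenticationEnabled": False},
        {"DBInstanceIdentifier": "app-aurora-1", "Engine": "aurora-mysql",
         "IAMDatabaseAuthenticationEnabled": False},
        # Field absent: handled as "disabled" below.
        {"DBInstanceIdentifier": "reports-db", "Engine": "mariadb"},
    ]
}


def find_iam_auth_disabled(response):
    """Return one finding per instance that supports IAM auth but has it off."""
    findings = []
    for db in response.get("DBInstances", []):
        if db.get("Engine") not in IAM_AUTH_ENGINES:
            continue
        # A missing field is treated as disabled rather than silently passed.
        if db.get("IAMDatabaseAuthenticationEnabled", False):
            continue
        name = db["DBInstanceIdentifier"]
        findings.append({
            "instance": name,
            "engine": db["Engine"],
            "remediation": (
                "aws rds modify-db-instance "
                f"--db-instance-identifier {name} "
                "--enable-iam-database-authentication --apply-immediately"
            ),
        })
    return findings


if __name__ == "__main__":
    for f in find_iam_auth_disabled(SAMPLE_RESPONSE):
        print(f"{f['instance']} ({f['engine']}): {f['remediation']}")
```

Enabling the setting only makes token logins possible; database users still have to be mapped to IAM on the engine side, and any existing password accounts keep working until they are removed.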