RDS database instance has IAM database authentication disabled

Vendor services misconfigurations

RDS database instance has IAM database authentication disabled

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

AWS Foundational Security Best Practices Controls
Brazilian General Data Protection (LGPD)
CCPA
coppa
CPRA
Data Security Posture Management (DSPM) Best Practices
GDPR
HITRUST
ISO/IEC 27001
New Zealand Information Security Manual
NIST 800-171
NIST 800-53
Orca Best Practices
PDPA
UK Cyber Essentials

Description

The IAM database authentication feature is disabled for the RDS instance {AwsRdsDbInstance}. With the feature enabled, AWS RDS generates a short-lived (expires after 15 minutes) token against every authentication request. This means that users don't have to store or manage passwords. The feature also supports traffic encryption and central credential management. To uphold high levels of data security, it's recommended to enable this feature.

Recommended Mitigation

Enable the IAM database authentication feature for all RDS instances, and use it to its fullest. Prefer token-based authentication over passwords, use in-transit encryption, and use AWS IAM to centrally control access to your RDS instances.

RDS database instance has IAM database authentication disabled

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS