IAM database is not enabled
| Property | Value |
|---|---|
| ID | aws_iam_database_auth_not_enabled |
| Severity | high |
| Vendor | AWS |
| Resource | IAM |
| Tags | reachable |
Description
IAM database authentication is not enabled. By default, IAM database authentication is disabled on DB instances. Enabling it lets you revoke access to your databases from one place (IAM) rather than having to make the change manually on each database.
To fix it, set the property `enable_iam_database_authentication: true` on the `amazon.aws.rds_instance` task.
Learn more about this topic in the AWS documentation: Enabling and disabling IAM database authentication.
Examples
```yaml
---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Create DB instance
      amazon.aws.rds_instance:
        id: "my-instance-id"
        state: present
        engine: postgres
        engine_version: 14.2
        username: "{{ username }}"
        password: "{{ password }}"
        db_instance_class: db.m6g.large
        allocated_storage: "{{ allocated_storage }}"
        iam_roles:
          - role_arn: "{{ iam_role.arn }}"
            feature_name: 's3Export'
```
Mitigation / Fix
```yaml
---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Create DB instance
      amazon.aws.rds_instance:
        id: "my-instance-id"
        state: present
        engine: postgres
        engine_version: 14.2
        enable_iam_database_authentication: true
        username: "{{ username }}"
        password: "{{ password }}"
        db_instance_class: db.m6g.large
        allocated_storage: "{{ allocated_storage }}"
        iam_roles:
          - role_arn: "{{ iam_role.arn }}"
            feature_name: 's3Export'
```
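As an added example (not the scanner's own query and not part of this page's original content), the following stdlib-only Python lint implements the check described above over Ansible playbook text: it walks block-style YAML by indentation, finds every `rds_instance` task, and flags those that create or keep an instance without `enable_iam_database_authentication` set to a true value. Tasks with `state: absent` or `state: terminated` are skipped because no authentication setting applies when deleting. The two playbooks embedded below are the "Examples" and "Mitigation / Fix" blocks from this page; the teardown playbook is constructed for illustration.

```python
"""Added example: a stdlib-only lint for the aws_iam_database_auth_not_enabled
check over Ansible playbook text. Not the scanner's own implementation."""
import re

RDS_MODULES = ("amazon.aws.rds_instance", "community.aws.rds_instance", "rds_instance")
PROPERTY = "enable_iam_database_authentication"
TRUE_VALUES = {"true", "yes", "on", "1"}     # truthy spellings Ansible accepts
DESTROY_STATES = {"absent", "terminated"}    # deleting an instance needs no auth setting

# Matches "key: value" and "- key: value". The indent group is the whitespace
# before the optional list dash, so list items and mapping keys compare equally.
KEY_RE = re.compile(
    r"^(?P<indent>\s*)(?P<dash>-\s+)?(?P<key>[A-Za-z_][\w.]*)\s*:\s*(?P<value>.*)$"
)


def _entries(text):
    """Yield (line_no, indent, is_list_item, key, value) for each key line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].rstrip()   # drop trailing comments ('#' in quotes not handled)
        match = KEY_RE.match(line)
        if match:
            value = match.group("value").strip().strip("\"'")
            yield line_no, len(match.group("indent")), bool(match.group("dash")), match.group("key"), value


def find_violations(playbook_text):
    """Return [(line_no, task_name)] for rds_instance tasks that violate the rule."""
    entries = list(_entries(playbook_text))
    findings, task_name, i = [], "<unnamed task>", 0
    while i < len(entries):
        line_no, indent, _, key, value = entries[i]
        if key == "name" and value:
            task_name = value                  # most recent name seen labels the task
        if key in RDS_MODULES and value == "":
            args, child_indent, j = {}, None, i + 1
            # Collect the module's direct arguments: the first indent level deeper
            # than the module key; nested list items (iam_roles entries) are skipped.
            while j < len(entries) and entries[j][1] > indent:
                _, ci, is_item, ck, cv = entries[j]
                child_indent = ci if child_indent is None else child_indent
                if ci == child_indent and not is_item:
                    args[ck] = cv.lower()
                j += 1
            if (args.get("state", "present") not in DESTROY_STATES
                    and args.get(PROPERTY) not in TRUE_VALUES):
                findings.append((line_no, task_name))
            i = j
            continue
        i += 1
    return findings


# The page's "Examples" block: IAM database authentication left at its default (off).
VULNERABLE_PLAYBOOK = """\
---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Create DB instance
      amazon.aws.rds_instance:
        id: "my-instance-id"
        state: present
        engine: postgres
        engine_version: 14.2
        username: "{{ username }}"
        password: "{{ password }}"
        db_instance_class: db.m6g.large
        allocated_storage: "{{ allocated_storage }}"
        iam_roles:
          - role_arn: "{{ iam_role.arn }}"
            feature_name: 's3Export'
"""

# The page's "Mitigation / Fix" block: identical except for the added property.
FIXED_PLAYBOOK = VULNERABLE_PLAYBOOK.replace(
    "        state: present\n",
    "        state: present\n        enable_iam_database_authentication: true\n",
)

# Constructed sample: a teardown task, which the rule must not flag.
TEARDOWN_PLAYBOOK = """\
- hosts: localhost
  tasks:
    - name: Remove DB instance
      amazon.aws.rds_instance:
        id: "my-instance-id"
        state: absent
"""

if __name__ == "__main__":
    for label, text in (("vulnerable", VULNERABLE_PLAYBOOK), ("fixed", FIXED_PLAYBOOK),
                        ("teardown", TEARDOWN_PLAYBOOK)):
        print(label, find_violations(text))
```

The check deliberately treats a missing property the same as an explicit `false`, mirroring the rule's premise that the AWS default is disabled; run it against a playbook file with `find_violations(open(path).read())` to list the offending task lines.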