This rule checks that IAM database authentication is enabled for RDS DB instances.
Rule | RDS DB instances should have IAM authentication enabled |
Framework | NIST 800-171 Revision 2 |
Severity | Medium |
Rule Description:
This rule is mapped to the identification and authentication requirements of NIST 800-171 Revision 2 and flags Amazon RDS DB instances that do not have IAM database authentication enabled. IAM database authentication lets a database user log in with a short-lived token (valid for 15 minutes) generated from IAM credentials instead of a database password stored in application configuration. It is available for the MySQL, MariaDB and PostgreSQL engines.
With it enabled, the database engine validates the presented token against AWS Identity and Access Management (IAM), so who may connect, and as which database user, is governed by IAM policies (the rds-db:connect permission scoped to a specific database user), and the connection must use TLS. This reduces the exposure of long-lived database passwords and the risk of unauthorized access to sensitive data in the instance. Note that enabling the setting does not by itself disable password authentication: database users that hold a password can still log in with it until they are recreated or altered to use the IAM authentication plugin.
Troubleshooting Steps (if applicable):
Enabling the setting itself rarely fails, but IAM logins do fail when any of the following is missing:
Ensure IAM permissions: the IAM user or role must have an IAM policy allowing rds-db:connect on the target database user. The resource ARN has the form arn:aws:rds-db:<region>:<account>:dbuser:<DbiResourceId>/<db-user-name>, where DbiResourceId is the instance's resource ID (db-...), not its instance identifier.
Ensure the database user is IAM-enabled: the database user must be created for IAM authentication (with the AWSAuthenticationPlugin plugin on MySQL and MariaDB, or by granting the rds_iam role on PostgreSQL). Existing password-based users are not converted automatically.
Verify connectivity: the client must reach the database endpoint and connect over TLS, since the engine rejects IAM tokens on unencrypted connections. Generating the token is a local signing operation with the caller's IAM credentials and does not require network access to IAM; MySQL and MariaDB clients additionally need the cleartext authentication plugin enabled so the token can be sent as the password.
Necessary Codes (if applicable):
No application code is required to enable the setting itself: it is a DB instance attribute that is changed in the AWS Management Console or through the AWS Command Line Interface (CLI) or API (the modify-db-instance operation). Code changes are needed on the client side, because applications must obtain a token and present it as the password at connection time.
Step-by-Step Guide for Remediation:
Follow the steps below to enable IAM database authentication for an RDS DB instance:
1. Sign in to the AWS Management Console.
2. Open the Amazon RDS console at https://console.aws.amazon.com/rds/.
3. In the navigation pane, choose "Databases".
4. Select the RDS DB instance for which you want to enable IAM authentication.
5. Choose "Modify".
6. Under "Database options", set "IAM DB authentication" to "Enabled". (In the current console the setting is in the "Database authentication" section, where you select "Password and IAM database authentication".)
7. Scroll down and choose "Continue".
8. Review the summary of modifications. Under "Scheduling of modifications", choose "Apply immediately" if the change should not wait for the next maintenance window.
9. Choose "Modify DB instance" to apply the change.
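The same remediation from the command line, followed by the steps that are required before an IAM identity can actually log in (a least-privilege rds-db:connect policy, an IAM-enabled database user, and a token-based connection). This is an added example, not part of the original page; the instance identifier, region, account ID, database user, master user name and policy name are placeholders, and the aws/mysql invocations only run when the script is invoked with the argument run.

```shell
#!/bin/sh
# Added example, not from the original page. Placeholder assumptions:
# instance "prod-mysql-01" in us-east-1, DB user "app_user", master user "admin".
set -eu

REGION="${REGION:-us-east-1}"
DB_INSTANCE="${DB_INSTANCE:-prod-mysql-01}"
DB_USER="${DB_USER:-app_user}"
MASTER_USER="${MASTER_USER:-admin}"
POLICY_NAME="${POLICY_NAME:-rds-connect-${DB_INSTANCE}-${DB_USER}}"

# The rds-db:connect resource is keyed by the DbiResourceId (db-XXXX...), not by the
# instance identifier; a policy written against the instance name grants nothing.
rds_db_user_arn() {
  printf 'arn:aws:rds-db:%s:%s:dbuser:%s/%s' "$1" "$2" "$3" "$4"
}

# Least-privilege policy: the identity may connect as exactly one database user.
connect_policy_json() {
  printf '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"rds-db:connect","Resource":"%s"}]}' "$1"
}

# Prints True or False (the rule's own check, expressed with the CLI).
iam_auth_enabled() {
  aws rds describe-db-instances --region "$REGION" --db-instance-identifier "$1" \
    --query 'DBInstances[0].IAMDatabaseAuthenticationEnabled' --output text
}

enable_iam_auth() {
  # Without --apply-immediately the change waits for the next maintenance window.
  aws rds modify-db-instance --region "$REGION" --db-instance-identifier "$1" \
    --enable-iam-database-authentication --apply-immediately >/dev/null
  aws rds wait db-instance-available --region "$REGION" --db-instance-identifier "$1"
}

instance_attr() {
  aws rds describe-db-instances --region "$REGION" --db-instance-identifier "$1" \
    --query "DBInstances[0].$2" --output text
}

if [ "${1:-}" = "run" ]; then
  if [ "$(iam_auth_enabled "$DB_INSTANCE")" != "True" ]; then
    enable_iam_auth "$DB_INSTANCE"
  fi
  ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
  RESOURCE_ID=$(instance_attr "$DB_INSTANCE" DbiResourceId)
  HOST=$(instance_attr "$DB_INSTANCE" Endpoint.Address)
  PORT=$(instance_attr "$DB_INSTANCE" Endpoint.Port)

  aws iam create-policy --policy-name "$POLICY_NAME" \
    --policy-document "$(connect_policy_json "$(rds_db_user_arn "$REGION" "$ACCOUNT_ID" "$RESOURCE_ID" "$DB_USER")")"

  # Enabling the flag does not convert existing users. Create an IAM-enabled user as the
  # master user (prompts for the master password). MySQL/MariaDB shown; on PostgreSQL:
  #   CREATE USER app_user; GRANT rds_iam TO app_user;
  mysql --host="$HOST" --port="$PORT" --user="$MASTER_USER" -p \
    -e "CREATE USER '$DB_USER'@'%' IDENTIFIED WITH AWSAuthenticationPlugin AS 'RDS';"

  # Connect with a token: valid 15 minutes, TLS required, cleartext plugin needed so the
  # token can be sent as the password. global-bundle.pem is the RDS CA bundle from
  # https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem
  TOKEN=$(aws rds generate-db-auth-token --region "$REGION" \
    --hostname "$HOST" --port "$PORT" --username "$DB_USER")
  mysql --host="$HOST" --port="$PORT" --user="$DB_USER" --password="$TOKEN" \
    --ssl-ca=global-bundle.pem --ssl-mode=VERIFY_IDENTITY --enable-cleartext-plugin \
    -e 'SELECT CURRENT_USER();'
fi
```

Keep one policy per database user rather than a wildcard on the dbuser segment; the wildcard lets any identity holding the policy become any IAM-enabled database user, including one with elevated grants.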
After the change is applied, IAM identities can connect to the instance with a short-lived authentication token instead of a password, provided three things are in place: the identity holds an IAM policy allowing rds-db:connect on that specific database user, the database user was created for IAM authentication (the AWSAuthenticationPlugin plugin on MySQL and MariaDB, the rds_iam role on PostgreSQL), and the client connects over TLS. Enabling the setting does not disable password authentication for existing users, so to actually restrict access to authorized IAM entities you must also remove or convert password-based database users.
Note: Applications that use the RDS instance must be updated to request a token (through the AWS CLI or an SDK) at connection time and to pass it as the password. Tokens expire 15 minutes after they are generated, so connection pools and retry logic must obtain a fresh token rather than reuse an old one.