Loading controls...
Benchmark: RDS
Description
This section contains recommendations for configuring RDS resources.
Usage
Browse dashboards and select RDS:
steampipe dashboardOr run the benchmarks in your terminal:
steampipe check aws_compliance.benchmark.all_controls_rdsSnapshot and share results via Steampipe Cloud:
steampipe loginsteampipe check --share aws_compliance.benchmark.all_controls_rdsControls
- RDS Aurora clusters should have backtracking enabled
- RDS Aurora clusters should be protected by backup plan
- RDS DB clusters should be configured to copy tags to snapshots
- RDS clusters should have deletion protection enabled
- RDS DB clusters should be encrypted at rest
- An RDS event notifications subscription should be configured for critical cluster events
- IAM authentication should be configured for RDS clusters
- RDS DB clusters should be configured for multiple Availability Zones
- RDS database clusters should use a custom administrator username
- RDS DB instance and cluster enhanced monitoring should be enabled
- RDS databases and clusters should not use a database engine default port
- RDS DB instance automatic minor version upgrade should be enabled
- RDS DB instance backup should be enabled
- RDS DB instances CA certificates should not expire within next 7 days
- RDS DB instances should be integrated with CloudWatch logs
- RDS DB instances connections should be encrypted
- RDS DB instances should be configured to copy tags to snapshots
- RDS DB instances should have deletion protection enabled
- RDS DB instance encryption at rest should be enabled
- An RDS event notifications subscription should be configured for critical database instance events
- RDS DB instances should have iam authentication enabled
- RDS DB instances should be in a backup plan
- RDS instances should be deployed in a VPC
- Database logging should be enabled
- RDS DB instance multiple az should be enabled
- RDS database instances should use a custom administrator username
- RDS DB instances should prohibit public access
- RDS DB instance should be protected by backup plan
- An RDS event notifications subscription should be configured for critical database parameter group events
- An RDS event notifications subscription should be configured for critical database security group events
- RDS DB snapshots should be encrypted at rest
- RDS snapshots should prohibit public access