turbot/aws_compliance

Control: 25 RDS database instances should use a custom administrator username

Description

This control checks whether you've changed the administrative username for Amazon Relational Database Service (Amazon RDS) database instances from the default value. The control fails if the administrative username is set to the default value.

Default administrative usernames on Amazon RDS databases are public knowledge. When creating an Amazon RDS database, you should change the default administrative username to a unique value to reduce the risk of unintended access.
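The check described above, as an added Python example that is not the mod's own query: it evaluates records shaped like the `DBInstances` list returned by the RDS `DescribeDBInstances` API and emits one status row per instance. Assumptions: the default names `admin` and `postgres` (the page does not list them), the skipped engines `neptune` and `docdb`, the case-insensitive match, the function names, and the constructed sample records.

```python
# Assumption: names treated as defaults; the page does not enumerate them.
DEFAULT_ADMIN_NAMES = frozenset({"admin", "postgres"})
# Assumption: engines left out of the check (not relational RDS engines).
SKIPPED_ENGINES = frozenset({"neptune", "docdb"})

# Constructed sample records shaped like DescribeDBInstances output.
SAMPLE_INSTANCES = [
    {"DBInstanceIdentifier": "orders-db", "Engine": "mysql", "MasterUsername": "admin"},
    {"DBInstanceIdentifier": "billing-db", "Engine": "postgres", "MasterUsername": "Postgres"},
    {"DBInstanceIdentifier": "hr-db", "Engine": "postgres", "MasterUsername": "hr_owner_7f3c"},
    {"DBInstanceIdentifier": "graph-1", "Engine": "neptune", "MasterUsername": "admin"},
    {"DBInstanceIdentifier": "legacy-db", "Engine": "mariadb"},
]


def evaluate_instance(instance, default_names=DEFAULT_ADMIN_NAMES):
    """Return (resource, status, reason) for one DB instance record."""
    name = instance.get("DBInstanceIdentifier", "unknown")
    resource = instance.get("DBInstanceArn", name)
    engine = instance.get("Engine", "")
    if engine.lower() in SKIPPED_ENGINES:
        return resource, "skip", f"{name} runs engine {engine}; not evaluated."
    username = instance.get("MasterUsername")
    if not username:
        # Missing data must not be reported as a pass.
        return resource, "info", f"{name} reports no administrator username."
    # Case-insensitive match: stricter than an exact string comparison.
    # default_names is expected to hold lowercase values.
    if username.strip().lower() in default_names:
        return resource, "alarm", f"{name} uses default administrator username {username!r}."
    return resource, "ok", f"{name} uses a custom administrator username."


def evaluate(instances, default_names=DEFAULT_ADMIN_NAMES):
    """Evaluate every record and return the rows in input order."""
    return [evaluate_instance(i, default_names) for i in instances]


def failing_resources(instances, default_names=DEFAULT_ADMIN_NAMES):
    """Return the sorted resources whose status is 'alarm'."""
    rows = evaluate(instances, default_names)
    return sorted(resource for resource, status, _ in rows if status == "alarm")


if __name__ == "__main__":
    for resource, status, reason in evaluate(SAMPLE_INSTANCES):
        print(f"{status:<5} {resource}: {reason}")
```

To run it against a real account, pass in the `DBInstances` list from a paginated `describe_db_instances` call in place of `SAMPLE_INSTANCES`.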

Remediation

To change the administrative username associated with an RDS database instance, first create a new RDS database instance. Change the default administrative username while creating the database.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.foundational_security_rds_25

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.foundational_security_rds_25 --share

SQL

This control uses a named query:

rds_db_instance_no_default_admin_name

Tags