Benchmark: RDS
Description
This benchmark provides a set of controls that detect Terraform AWS RDS resources deviating from security best practices.
Usage
Browse dashboards and select RDS:
steampipe dashboard
Or run the benchmarks in your terminal:
steampipe check terraform_aws_compliance.benchmark.rds
Snapshot and share results via Steampipe Cloud:
steampipe login
steampipe check --share terraform_aws_compliance.benchmark.rds
Controls
- Amazon Aurora clusters should have backtracking enabled
- RDS DB clusters should be configured to copy tags to snapshots
- RDS clusters should have deletion protection enabled
- An RDS event notifications subscription should be configured for critical cluster events
- IAM authentication should be configured for RDS clusters
- RDS DB clusters should be configured for multiple Availability Zones
- RDS DB instance and cluster enhanced monitoring should be enabled
- RDS databases and clusters should not use a database engine default port
- RDS DB instance automatic minor version upgrade should be enabled
- RDS DB instance backup should be enabled
- RDS DB instances should be configured to copy tags to snapshots
- RDS DB instances should have deletion protection enabled
- RDS DB instance encryption at rest should be enabled
- An RDS event notifications subscription should be configured for critical database instance events
- RDS DB instances should have IAM authentication enabled
- Database logging should be enabled
- RDS DB instance multiple AZ should be enabled
- RDS DB instances should prohibit public access
- An RDS event notifications subscription should be configured for critical database parameter group events
- An RDS event notifications subscription should be configured for critical database security group events