
feat(rds): Add AWS RDS cluster transport encryption check

Open madereddy opened this issue 9 months ago • 1 comments

Context

Add additional RDS cluster transport level encryption logic for supported RDS versions:

For PostgreSQL and Aurora PostgreSQL clusters, if the rds.force_ssl parameter value is set to 0, the Transport Encryption feature is not enabled. For MySQL, Aurora MySQL and MariaDB clusters, if the require_secure_transport parameter value is set to OFF, the Transport Encryption feature is not enabled.

Description

Added checks for MySQL, MariaDB, PostgreSQL, Aurora PostgreSQL, and Aurora MySQL DB clusters.

Had to modify rds_instance_deletion_protection check and test as well to deal with the modification to the db_clusters which allows the parameters to be read.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

madereddy avatar May 15 '24 01:05 madereddy
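The engine-to-parameter logic described in the Context section above, as an added example that is not part of this PR or Prowler's own code: the DBCluster class, the TRANSPORT_PARAMS table and the sample clusters are constructed, accepting "0" alongside "OFF" for the MySQL-family parameter is an assumption, and so is reporting MANUAL when the parameter is not present in the cluster's parameter group.

```python
# Added example (not Prowler's own code): a minimal version of the cluster
# transport-encryption logic described in the PR, run over constructed data.
from dataclasses import dataclass, field

# Engine -> (parameter name, values that mean "transport encryption not enforced").
# The parameter names come from the PR context; accepting "0" next to "OFF"
# for MySQL-family engines is an assumption.
TRANSPORT_PARAMS = {
    "postgres": ("rds.force_ssl", {"0"}),
    "aurora-postgresql": ("rds.force_ssl", {"0"}),
    "mysql": ("require_secure_transport", {"off", "0"}),
    "aurora-mysql": ("require_secure_transport", {"off", "0"}),
    "mariadb": ("require_secure_transport", {"off", "0"}),
}


@dataclass
class DBCluster:
    """Constructed stand-in for a DB cluster with its resolved parameters."""
    id: str
    engine: str
    parameters: dict = field(default_factory=dict)


def transport_encryption_status(cluster):
    """Return ("PASS" | "FAIL" | "MANUAL", detail) for one cluster."""
    entry = TRANSPORT_PARAMS.get(cluster.engine)
    if entry is None:
        return ("MANUAL", f"engine {cluster.engine} is not covered by this check")
    name, off_values = entry
    value = cluster.parameters.get(name)
    if value is None:
        # Parameter not returned for the group: the engine default decides,
        # so ask for a manual review rather than guessing (assumption).
        return ("MANUAL", f"{name} not present for cluster {cluster.id}")
    if str(value).strip().lower() in off_values:
        return ("FAIL", f"{name} is {value} on cluster {cluster.id}")
    return ("PASS", f"{name} is {value} on cluster {cluster.id}")


def run_check(clusters):
    """Map cluster id -> status for a list of clusters."""
    return {c.id: transport_encryption_status(c)[0] for c in clusters}


# Constructed sample clusters covering each branch of the check.
SAMPLE_CLUSTERS = [
    DBCluster("pg-prod", "aurora-postgresql", {"rds.force_ssl": "1"}),
    DBCluster("pg-dev", "postgres", {"rds.force_ssl": "0"}),
    DBCluster("mysql-app", "aurora-mysql", {"require_secure_transport": "OFF"}),
    DBCluster("maria-legacy", "mariadb", {}),
    DBCluster("docdb-1", "docdb", {}),
]

if __name__ == "__main__":
    for cid, status in run_check(SAMPLE_CLUSTERS).items():
        print(f"{cid}: {status}")
```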

Competing with https://github.com/prowler-cloud/prowler/pull/4002 and https://github.com/prowler-cloud/prowler/pull/4003

Recommended to merge this after https://github.com/prowler-cloud/prowler/pull/4002 as that is a more important check. Cert: rds-ca-2019 will be expiring August 22nd 2024.

madereddy avatar May 15 '24 01:05 madereddy

@madereddy are you planning to re-do the PR?

jfagoagas avatar May 20 '24 11:05 jfagoagas

Yes I will redo it after the other certificate PR has been merged.

madereddy avatar May 20 '24 11:05 madereddy

@madereddy I have merged the other PR!

sergargar avatar May 20 '24 14:05 sergargar

I will start working on the update commit now

madereddy avatar May 20 '24 15:05 madereddy