RDS instances should have IAM authentication enabled

Description

This control checks if an RDS instance has IAM database authentication enabled. The control specifically evaluates RDS instances using the following engine types: mysql, postgres, aurora, aurora-mysql, aurora-postgresql, and mariadb. Additionally, an RDS instance must be in one of these states for a finding to be generated: available, backing-up, storage-optimization, or storage-full.

IAM database authentication allows users to authenticate to database instances using an authentication token instead of a password. This mechanism ensures that network traffic to and from the database is encrypted using SSL. For more details, see the IAM database authentication section in the Amazon Aurora User Guide.
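
The scoping rules in this description, written out as an added example (not Datadog's or AWS's own code). The field names are those of the RDS `DescribeDBInstances` response; the `PASS`/`FAIL`/`NOT_EVALUATED` labels, the function names, and the sample records are assumptions made for illustration.

```python
# Added example: offline re-implementation of the control's scoping rules.
# SAMPLE below is constructed data, not output from a real account.

IN_SCOPE_ENGINES = {"mysql", "postgres", "aurora", "aurora-mysql",
                    "aurora-postgresql", "mariadb"}
IN_SCOPE_STATES = {"available", "backing-up", "storage-optimization",
                   "storage-full"}


def evaluate(instance):
    """Return 'PASS', 'FAIL', or 'NOT_EVALUATED' for one instance record."""
    if instance.get("Engine") not in IN_SCOPE_ENGINES:
        return "NOT_EVALUATED"      # engine type is outside the control
    if instance.get("DBInstanceStatus") not in IN_SCOPE_STATES:
        return "NOT_EVALUATED"      # e.g. creating, stopped, deleting
    # A missing key counts as disabled, so an incomplete record fails closed.
    enabled = instance.get("IAMDatabaseAuthenticationEnabled") is True
    return "PASS" if enabled else "FAIL"


def findings(instances):
    """Map DBInstanceIdentifier -> verdict for in-scope instances only."""
    results = {}
    for inst in instances:
        verdict = evaluate(inst)
        if verdict != "NOT_EVALUATED":
            results[inst["DBInstanceIdentifier"]] = verdict
    return results


SAMPLE = [  # constructed records
    {"DBInstanceIdentifier": "orders-pg", "Engine": "postgres",
     "DBInstanceStatus": "available", "IAMDatabaseAuthenticationEnabled": True},
    {"DBInstanceIdentifier": "legacy-mysql", "Engine": "mysql",
     "DBInstanceStatus": "backing-up", "IAMDatabaseAuthenticationEnabled": False},
    {"DBInstanceIdentifier": "reports-maria", "Engine": "mariadb",
     "DBInstanceStatus": "storage-full"},  # key absent: treated as disabled
    {"DBInstanceIdentifier": "erp-oracle", "Engine": "oracle-ee",
     "DBInstanceStatus": "available", "IAMDatabaseAuthenticationEnabled": False},
    {"DBInstanceIdentifier": "new-aurora", "Engine": "aurora-postgresql",
     "DBInstanceStatus": "creating", "IAMDatabaseAuthenticationEnabled": False},
]

if __name__ == "__main__":
    for name, verdict in findings(SAMPLE).items():
        print(f"{verdict:4}  {name}")
```

Against a live account, the same records can be read from the `DBInstances` list returned by the boto3 RDS client's `describe_db_instances` call.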

Remediation

To enable IAM database authentication on RDS instances, see Enabling and disabling IAM database authentication in the Amazon RDS User Guide.