RDS instances should have IAM authentication enabled

Description

This control checks if an RDS instance has IAM database authentication enabled. The control specifically evaluates RDS instances using the following engine types: mysql, postgres, aurora, aurora-mysql, aurora-postgresql, and mariadb. Additionally, an RDS instance must be in one of these states for a finding to be generated: available, backing-up, storage-optimization, or storage-full.

IAM database authentication allows users to authenticate to database instances using an authentication token instead of a password. This mechanism ensures that network traffic to and from the database is encrypted using SSL. For more details, see the IAM database authentication section in the Amazon Aurora User Guide.
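The scoping rules in the description can be applied to an instance inventory as follows. This is an added example, not AWS's implementation of the control: the field names follow the `DBInstances` records of the RDS DescribeDBInstances response, while the status labels, function names and sample records are assumptions made for illustration.

```python
# Scope taken from the control description: only these engines and states
# produce a finding.
IN_SCOPE_ENGINES = {"mysql", "postgres", "aurora", "aurora-mysql",
                    "aurora-postgresql", "mariadb"}
IN_SCOPE_STATES = {"available", "backing-up", "storage-optimization",
                   "storage-full"}


def evaluate_instance(db):
    """Return (status, reason) for one DBInstances record (a dict)."""
    engine = db.get("Engine", "")
    state = db.get("DBInstanceStatus", "")
    if engine not in IN_SCOPE_ENGINES:
        return "NOT_EVALUATED", f"engine '{engine}' is outside the control's scope"
    if state not in IN_SCOPE_STATES:
        return "NOT_EVALUATED", f"state '{state}' does not generate a finding"
    # A missing key is treated as disabled so that incomplete data fails closed.
    if db.get("IAMDatabaseAuthenticationEnabled", False) is True:
        return "PASSED", "IAM database authentication is enabled"
    return "FAILED", "IAM database authentication is disabled"


def evaluate_fleet(db_instances):
    """Map each instance identifier to its status label."""
    return {db["DBInstanceIdentifier"]: evaluate_instance(db)[0]
            for db in db_instances}


# Constructed sample records (hypothetical instance names).
SAMPLE = [
    {"DBInstanceIdentifier": "orders-pg", "Engine": "postgres",
     "DBInstanceStatus": "available", "IAMDatabaseAuthenticationEnabled": True},
    {"DBInstanceIdentifier": "billing-mysql", "Engine": "mysql",
     "DBInstanceStatus": "available", "IAMDatabaseAuthenticationEnabled": False},
    {"DBInstanceIdentifier": "reports-maria", "Engine": "mariadb",
     "DBInstanceStatus": "storage-full"},  # key absent: fails closed
    {"DBInstanceIdentifier": "legacy-mssql", "Engine": "sqlserver-se",
     "DBInstanceStatus": "available", "IAMDatabaseAuthenticationEnabled": False},
    {"DBInstanceIdentifier": "staging-aurora", "Engine": "aurora-mysql",
     "DBInstanceStatus": "creating", "IAMDatabaseAuthenticationEnabled": False},
]

if __name__ == "__main__":
    for db in SAMPLE:
        status, reason = evaluate_instance(db)
        print(f"{db['DBInstanceIdentifier']:<16} {status:<14} {reason}")
```

The out-of-scope engine and the instance still being created are reported as not evaluated rather than failed, which mirrors how the control limits where findings are generated.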

Remediation

To enable IAM database authentication on RDS instances, see Enabling and disabling IAM database authentication in the Amazon RDS User Guide.