RDS Instance SSL Action Disabled
- Query id: 7a1ee8a9-71be-4b11-bb70-efb62d16863b
- Query name: RDS Instance SSL Action Disabled
- Platform: Terraform
- Severity: High
- Category: Networking and Firewall
- URL: Github
Description¶
ssl_action parameter should be set to Open for RDS instances
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Postitive test num. 1 - tf file
resource "alicloud_db_instance" "default" {
engine = "MySQL"
engine_version = "5.6"
db_instance_class = "rds.mysql.t1.small"
db_instance_storage = "10"
ssl_action = "Close"
parameters = [{
name = "innodb_large_prefix"
value = "ON"
},{
name = "connect_timeout"
value = "50"
}]
}
Postitive test num. 2 - tf file
resource "alicloud_db_instance" "default" {
engine = "MySQL"
engine_version = "5.6"
db_instance_class = "rds.mysql.t1.small"
db_instance_storage = "10"
parameters = [{
name = "innodb_large_prefix"
value = "ON"
},{
name = "connect_timeout"
value = "50"
}]
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "alicloud_db_instance" "default" {
engine = "MySQL"
engine_version = "5.6"
db_instance_class = "rds.mysql.t1.small"
db_instance_storage = "10"
ssl_action = "Open"
parameters = [{
name = "innodb_large_prefix"
value = "ON"
},{
name = "connect_timeout"
value = "50"
}]
}
Negative test num. 2 - tf file
resource "alicloud_db_instance" "default" {
engine = "MySQL"
engine_version = "5.6"
db_instance_class = "rds.mysql.t1.small"
db_instance_storage = "10"
ssl_action = "Update"
parameters = [{
name = "innodb_large_prefix"
value = "ON"
},{
name = "connect_timeout"
value = "50"
}]
}