CA Certificate Identifier Is Outdated
- Query id: 5eccd62d-8b4d-46d3-83ea-1879f3cbd3ce
- Query name: CA Certificate Identifier Is Outdated
- Platform: Ansible
- Severity: High
- Category: Encryption
- URL: Github
Description¶
The CA certificate Identifier must be 'rds-ca-2019'.
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
---
- name: create minimal aurora instance in default VPC and default subnet group
community.aws.rds_instance:
engine: aurora
db_instance_identifier: ansible-test-aurora-db-instance
instance_type: db.t2.small
password: "{{ password }}"
username: "{{ username }}"
cluster_id: ansible-test-cluster
ca_certificate_identifier: rds-ca-2015
- name: create a DB instance using the default AWS KMS encryption key
community.aws.rds_instance:
id: test-encrypted-db
state: present
engine: mariadb
storage_encrypted: True
db_instance_class: db.t2.medium
username: "{{ username }}"
password: "{{ password }}"
allocated_storage: "{{ allocated_storage }}"
Code samples without security vulnerabilities¶
Negative test num. 1 - yaml file
- name: create minimal aurora instance in default VPC and default subnet group
community.aws.rds_instance:
engine: aurora
db_instance_identifier: ansible-test-aurora-db-instance
instance_type: db.t2.small
password: '{{ password }}'
username: '{{ username }}'
cluster_id: ansible-test-cluster
ca_certificate_identifier: rds-ca-2019
- name: Create a DB instance using the default AWS KMS encryption key
community.aws.rds_instance:
id: test-encrypted-db
state: present
engine: mariadb
storage_encrypted: true
db_instance_class: db.t2.medium
username: '{{ username }}'
password: '{{ password }}'
allocated_storage: '{{ allocated_storage }}'
ca_certificate_identifier: rds-ca-2019