BOM - AWS RDS

  • Query id: 6ef03ff6-a2bd-483c-851f-631f248bc0ea
  • Query name: BOM - AWS RDS
  • Platform: CloudFormation
  • Severity: Trace
  • Category: Bill Of Materials
  • CWE: Ongoing
  • URL: Github

Description

A list of RDS resources found. Amazon Relational Database Service (Amazon RDS) is a collection of managed services that makes it simple to set up, operate, and scale databases in the cloud.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - json file
{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "DBInstanceSample1":{
            "Type": "AWS::RDS::DBInstance",
            "Properties": {
                "Engine": "oracle-ee",
                "DBSubnetGroupName": "DBSubnetGroupSample1",
                "StorageEncrypted": false
            }
        },
        "VPCGatewayAttachmentSample1": {
            "Type": "AWS::EC2::VPCGatewayAttachment",
            "Properties": {
                "InternetGatewayId": "",
                "VpcId": "VPCSample1",
                "VpnGatewayId": ""
            }
        },
        "SubnetSample1": {
            "Type": "AWS::EC2::Subnet",
            "Properties": {
                "CidrBlock": "172.16.1.0/24",
                "VpcId": {
                    "Ref": "VPCSample1"
                }
            }
        },
        "DBSubnetGroupSample1": {
            "Type": "AWS::RDS::DBSubnetGroup",
            "Properties": {
                "SubnetIds": [
                    {
                        "Ref": "SubnetSample1"
                    }
                ]
            }
        }
    }
}
Positive test num. 2 - json file
{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "DBInstanceSample2":{
            "Type": "AWS::RDS::DBInstance",
            "Properties": {
                "Engine": "oracle-ee",
                "DBSubnetGroupName": "DBSubnetGroupSample2",
                "SourceDBInstanceIdentifier": {
                    "Ref":"DBInstanceRefSample2"
                }
            }
        },
        "DBInstanceRefSample2":{
            "Type": "AWS::RDS::DBInstance",
            "Properties": {
                "Engine": "oracle-ee",
                "DBSubnetGroupName": "DBSubnetGroupSample2",
                "StorageEncrypted": false
            }
        },
        "SubnetSample2": {
            "Type": "AWS::EC2::Subnet",
            "Properties": {
                "CidrBlock": "172.16.1.0/24",
                "VpcId": {
                    "Ref": "VPCSample2"
                }
            }
        },
        "DBSubnetGroupSample2": {
            "Type": "AWS::RDS::DBSubnetGroup",
            "Properties": {
                "SubnetIds": [
                    {
                        "Ref": "SubnetSample2"
                    }
                ]
            }
        }
    }
}
Positive test num. 3 - json file
{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "DBInstanceSample3":{
            "Type": "AWS::RDS::DBInstance",
            "Properties": {
                "Engine": "oracle-ee",
                "DBSubnetGroupName": "DBSubnetGroupSample3",
                "SnapshotIdentifier": {
                    "Ref":"DBInstanceRefSample3"
                }
            }
        },
        "DBInstanceRefSample3":{
            "Type": "AWS::RDS::DBInstance",
            "Properties": {
                "Engine": "oracle-ee",
                "DBSubnetGroupName": "DBSubnetGroupSample3",
                "StorageEncrypted": true
            }
        },
        "SubnetSample3": {
            "Type": "AWS::EC2::Subnet",
            "Properties": {
                "CidrBlock": "172.16.1.0/24",
                "VpcId": {
                    "Ref": "VPCSample3"
                }
            }
        },
        "DBSubnetGroupSample3": {
            "Type": "AWS::RDS::DBSubnetGroup",
            "Properties": {
                "SubnetIds": [
                    {
                        "Ref": "SubnetSample3"
                    }
                ]
            }
        }
    }
}

Positive test num. 4 - yaml file
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  DBInstanceSample4:
    Type: AWS::RDS::DBInstance
    Properties:
      Engine: aurora
      PubliclyAccessible: true
      DBClusterIdentifier: DBClusterSample4
  DBClusterSample4:
    Type: 'AWS::RDS::DBCluster'
    Properties:
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      DBClusterIdentifier: my-serverless-cluster
      Engine: aurora
      EngineVersion: 5.6.10a
      EngineMode: serverless
      StorageEncrypted: true
      ScalingConfiguration:
        AutoPause: true
        MinCapacity: 4
        MaxCapacity: 32
        SecondsUntilAutoPause: 1000
Positive test num. 5 - yaml file
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  DBInstanceSample5:
    Type: AWS::RDS::DBInstance
    Properties:
      Engine: aurora
      PubliclyAccessible: true
      DBClusterIdentifier: DBClusterSample5
  DBClusterSample5:
    Type: 'AWS::RDS::DBCluster'
    Properties:
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      DBClusterIdentifier: my-serverless-cluster
      Engine: aurora
      EngineVersion: 5.6.10a
      EngineMode: serverless
      SourceDBClusterIdentifier: !Ref DBClusterSampleRef5
      ScalingConfiguration:
        AutoPause: true
        MinCapacity: 4
        MaxCapacity: 32
        SecondsUntilAutoPause: 1000
  DBClusterSampleRef5:
    Type: 'AWS::RDS::DBCluster'
    Properties:
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword      
      DBClusterIdentifier: my-serverless-cluster
      Engine: aurora
      EngineVersion: 5.6.10a
      EngineMode: serverless
      StorageEncrypted: true
      ScalingConfiguration:
        AutoPause: true
        MinCapacity: 4
        MaxCapacity: 32
        SecondsUntilAutoPause: 1000
Positive test num. 6 - yaml file
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  DBInstanceSample6:
    Type: AWS::RDS::DBInstance
    Properties:
      Engine: aurora
      PubliclyAccessible: true
      DBClusterIdentifier: DBClusterSample6
  DBClusterSample6:
    Type: 'AWS::RDS::DBCluster'
    Properties:
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      DBClusterIdentifier: my-serverless-cluster
      Engine: aurora
      EngineVersion: 5.6.10a
      EngineMode: serverless
      SnapshotIdentifier: !Ref DBClusterSampleRef6
      ScalingConfiguration:
        AutoPause: true
        MinCapacity: 4
        MaxCapacity: 32
        SecondsUntilAutoPause: 1000
  DBClusterSampleRef6:
    Type: 'AWS::RDS::DBCluster'
    Properties:
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword      
      DBClusterIdentifier: my-serverless-cluster
      Engine: aurora
      EngineVersion: 5.6.10a
      EngineMode: serverless
      StorageEncrypted: true
      ScalingConfiguration:
        AutoPause: true
        MinCapacity: 4
        MaxCapacity: 32
        SecondsUntilAutoPause: 1000

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  myDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Enabled: true