BOM - AWS RDS

Query id: 6ef03ff6-a2bd-483c-851f-631f248bc0ea
Query name: BOM - AWS RDS
Platform: CloudFormation
Severity: Trace
Category: Bill Of Materials
CWE: 532
URL: Github
Description¶

A list of RDS resources found. Amazon Relational Database Service (Amazon RDS) is a collection of managed services that makes it simple to set up, operate, and scale databases in the cloud.
Documentation
Code samples¶

Code samples with security vulnerabilities¶

Positive test num. 1 - json file
Positive test num. 2 - json file
Positive test num. 3 - json file
/span>
{ "AWSTemplateFormatVersion": "2010-09-09", "Resources": { class="w">        "DBInstanceSample1":{ "Type": "AWS::RDS::DBInstance", "Properties": { "Engine": "oracle-ee", "DBSubnetGroupName": "DBSubnetGroupSample1", "StorageEncrypted": false } }, "VPCGatewayAttachmentSample1": { "Type": "AWS::EC2::VPCGatewayAttachment", "Properties": { "InternetGatewayId": "", "VpcId": "VPCSample1", "VpnGatewayId": "" } }, "SubnetSample1": { "Type": "AWS::EC2::Subnet", "Properties": { "CidrBlock": "172.16.1.0/24", "VpcId": { "Ref": "VPCSample1" } } }, "DBSubnetGroupSample1": { "Type": "AWS::RDS::DBSubnetGroup", "Properties": { "SubnetIds": [ { "Ref": "SubnetSample1" } ] } } } } /span>{ "AWSTemplateFormatVersion": "2010-09-09", "Resources": { class="w">        "DBInstanceSample2":{ "Type": "AWS::RDS::DBInstance", "Properties": { "Engine": "oracle-ee", "DBSubnetGroupName": "DBSubnetGroupSample2", "SourceDBInstanceIdentifier": { "Ref":"DBInstanceRefSample2" } } }, class="w">        "DBInstanceRefSample2":{ "Type": "AWS::RDS::DBInstance", "Properties": { "Engine": "oracle-ee", "DBSubnetGroupName": "DBSubnetGroupSample2", "StorageEncrypted": false } }, "SubnetSample2": { "Type": "AWS::EC2::Subnet", "Properties": { "CidrBlock": "172.16.1.0/24", "VpcId": { "Ref": "VPCSample2" } } }, "DBSubnetGroupSample2": { "Type": "AWS::RDS::DBSubnetGroup", "Properties": { "SubnetIds": [ { "Ref": "SubnetSample2" } ] } } } } /span>{ "AWSTemplateFormatVersion": "2010-09-09", "Resources": { class="w">        "DBInstanceSample3":{ "Type": "AWS::RDS::DBInstance", "Properties": { "Engine": "oracle-ee", "DBSubnetGroupName": "DBSubnetGroupSample3", "SnapshotIdentifier": { "Ref":"DBInstanceRefSample3" } } }, class="w">        "DBInstanceRefSample3":{ "Type": "AWS::RDS::DBInstance", "Properties": { "Engine": "oracle-ee", "DBSubnetGroupName": "DBSubnetGroupSample3", "StorageEncrypted": true } }, "SubnetSample3": { "Type": "AWS::EC2::Subnet", "Properties": { "CidrBlock": "172.16.1.0/24", "VpcId": { "Ref": "VPCSample3" } } }, "DBSubnetGroupSample3": { "Type": "AWS::RDS::DBSubnetGroup", "Properties": { "SubnetIds": [ { "Ref": "SubnetSample3" } ] } } } }
Positive test num. 4 - yaml file

AWSTemplateFormatVersion: '2010-09-09'
Resources:
  DBInstanceSample4:
    Type: AWS::RDS::DBInstance
    Properties:
      Engine: aurora
      PubliclyAccessible: true
      DBClusterIdentifier: DBClusterSample4
  DBClusterSample4:
    Type: 'AWS::RDS::DBCluster'
    Properties:
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      DBClusterIdentifier: my-serverless-cluster
      Engine: aurora
      EngineVersion: 5.6.10a
      EngineMode: serverless
      StorageEncrypted: true
      ScalingConfiguration:
        AutoPause: true
        MinCapacity: 4
        MaxCapacity: 32
        SecondsUntilAutoPause: 1000


Positive test num. 5 - yaml file

AWSTemplateFormatVersion: '2010-09-09'
Resources:
  DBInstanceSample5:
    Type: AWS::RDS::DBInstance
    Properties:
      Engine: aurora
      PubliclyAccessible: true
      DBClusterIdentifier: DBClusterSample5
  DBClusterSample5:
    Type: 'AWS::RDS::DBCluster'
    Properties:
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      DBClusterIdentifier: my-serverless-cluster
      Engine: aurora
      EngineVersion: 5.6.10a
      EngineMode: serverless
      SourceDBClusterIdentifier: !Ref DBClusterSampleRef5
      ScalingConfiguration:
        AutoPause: true
        MinCapacity: 4
        MaxCapacity: 32
        SecondsUntilAutoPause: 1000
  DBClusterSampleRef5:
    Type: 'AWS::RDS::DBCluster'
    Properties:
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword      
      DBClusterIdentifier: my-serverless-cluster
      Engine: aurora
      EngineVersion: 5.6.10a
      EngineMode: serverless
      StorageEncrypted: true
      ScalingConfiguration:
        AutoPause: true
        MinCapacity: 4
        MaxCapacity: 32
        SecondsUntilAutoPause: 1000


Positive test num. 6 - yaml file

AWSTemplateFormatVersion: '2010-09-09'
Resources:
  DBInstanceSample6:
    Type: AWS::RDS::DBInstance
    Properties:
      Engine: aurora
      PubliclyAccessible: true
      DBClusterIdentifier: DBClusterSample6
  DBClusterSample6:
    Type: 'AWS::RDS::DBCluster'
    Properties:
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      DBClusterIdentifier: my-serverless-cluster
      Engine: aurora
      EngineVersion: 5.6.10a
      EngineMode: serverless
      SnapshotIdentifier: !Ref DBClusterSampleRef6
      ScalingConfiguration:
        AutoPause: true
        MinCapacity: 4
        MaxCapacity: 32
        SecondsUntilAutoPause: 1000
  DBClusterSampleRef6:
    Type: 'AWS::RDS::DBCluster'
    Properties:
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword      
      DBClusterIdentifier: my-serverless-cluster
      Engine: aurora
      EngineVersion: 5.6.10a
      EngineMode: serverless
      StorageEncrypted: true
      ScalingConfiguration:
        AutoPause: true
        MinCapacity: 4
        MaxCapacity: 32
        SecondsUntilAutoPause: 1000



Code samples without security vulnerabilities¶
Negative test num. 1 - yaml fileAWSTemplateFormatVersion: '2010-09-09'
Resources:
  myDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Enabled: true