RDS Instance TDE Status Disabled

  • Query id: 44d434ca-a9bf-4203-8828-4c81a8d5a598
  • Query name: RDS Instance TDE Status Disabled
  • Platform: Terraform
  • Severity: High
  • Category: Encryption
  • CWE: 326
  • URL: Github

Description

The `tde_status` parameter should be set to `Enabled` for RDS instances whose engine and version support Transparent Data Encryption (TDE).
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
# Positive sample: TDE is explicitly switched off on a MySQL 5.6 instance,
# so data at rest is stored unencrypted and the query reports the resource.
resource "alicloud_db_instance" "default" {
    engine = "MySQL"
    engine_version = "5.6"
    db_instance_class = "rds.mysql.t1.small"
    db_instance_storage = "10"
    # The value the query objects to: it expects "Enabled" here.
    tde_status = "Disabled"
    # Engine parameters are unrelated to the TDE check; kept as sample context.
    parameters = [{
        name = "innodb_large_prefix"
        value = "ON"
    },{
        name = "connect_timeout"
        value = "50"
    }]
}
Positive test num. 2 - tf file
# Positive sample: tde_status is omitted entirely on a MySQL 8 instance.
# The page lists this among the vulnerable samples, so the query treats a
# missing tde_status on a TDE-capable engine/version the same as "Disabled".
resource "alicloud_db_instance" "default" {
    engine = "MySQL"
    engine_version = "8"
    db_instance_class = "rds.mysql.t1.small"
    db_instance_storage = "10"
    # No tde_status attribute here - the fix is to add `tde_status = "Enabled"`.
    parameters = [{
        name = "innodb_large_prefix"
        value = "ON"
    },{
        name = "connect_timeout"
        value = "50"
    }]
}
Positive test num. 3 - tf file
# Positive sample: TDE explicitly disabled on a SQL Server 2019 (std_ha) instance.
resource "alicloud_db_instance" "default" {
    engine = "SQLServer"
    engine_version = "2019_std_ha"
    # NOTE(review): a MySQL instance class paired with a SQLServer engine is a
    # sample value only; the query does not look at db_instance_class.
    db_instance_class = "rds.mysql.t1.small"
    db_instance_storage = "10"
    # Flagged: the query expects "Enabled" for this engine/version.
    tde_status = "Disabled"
    parameters = []
}

Positive test num. 4 - tf file
# Positive sample: SQL Server 2016 (ent_ha) with tde_status omitted.
# Listed as vulnerable on this page, so the query requires an explicit
# `tde_status = "Enabled"` for this engine/version rather than relying on a default.
resource "alicloud_db_instance" "default" {
    engine = "SQLServer"
    engine_version = "2016_ent_ha"
    # NOTE(review): MySQL instance class on a SQLServer engine - sample value only.
    db_instance_class = "rds.mysql.t1.small"
    db_instance_storage = "10"
    # tde_status is missing here; that absence is what the query reports.
    parameters = []
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
# Negative sample: same MySQL 5.6 instance as positive test 1, but with TDE enabled.
# This is the remediated form the query accepts.
resource "alicloud_db_instance" "default" {
    engine = "MySQL"
    engine_version = "5.6"
    db_instance_class = "rds.mysql.t1.small"
    db_instance_storage = "10"
    # Satisfies the check: data at rest is encrypted via TDE.
    tde_status = "Enabled"
    # Engine parameters are unrelated to the TDE check; kept as sample context.
    parameters = [{
        name = "innodb_large_prefix"
        value = "ON"
    },{
        name = "connect_timeout"
        value = "50"
    }]
}
Negative test num. 2 - tf file
# Negative sample: MySQL 8 with tde_status explicitly set to "Enabled".
# Compare with positive test 2, where the attribute is omitted and the
# resource is flagged.
resource "alicloud_db_instance" "default" {
    engine = "MySQL"
    engine_version = "8"
    db_instance_class = "rds.mysql.t1.small"
    db_instance_storage = "10"
    # Satisfies the check.
    tde_status = "Enabled"
    # Engine parameters are unrelated to the TDE check; kept as sample context.
    parameters = [{
        name = "innodb_large_prefix"
        value = "ON"
    },{
        name = "connect_timeout"
        value = "50"
    }]
}
Negative test num. 3 - tf file
# Negative sample: SQL Server 2019 (std_ha) with TDE enabled - the remediated
# form of positive test 3.
resource "alicloud_db_instance" "default" {
    engine = "SQLServer"
    engine_version = "2019_std_ha"
    # NOTE(review): MySQL instance class on a SQLServer engine - sample value only.
    db_instance_class = "rds.mysql.t1.small"
    db_instance_storage = "10"
    # Satisfies the check.
    tde_status = "Enabled"
    parameters = []
}

Negative test num. 4 - tf file
# Negative sample: SQL Server 2016 (ent_ha) with TDE enabled - the remediated
# form of positive test 4, where the attribute was omitted.
resource "alicloud_db_instance" "default" {
    engine = "SQLServer"
    engine_version = "2016_ent_ha"
    # NOTE(review): MySQL instance class on a SQLServer engine - sample value only.
    db_instance_class = "rds.mysql.t1.small"
    db_instance_storage = "10"
    # Satisfies the check.
    tde_status = "Enabled"
    parameters = []
}
Negative test num. 5 - tf file
# Negative sample: SQL Server 2012 (web) with tde_status omitted, yet listed
# among the samples WITHOUT vulnerabilities. Unlike positive tests 2 and 4,
# the query does not require tde_status here - presumably because this
# engine edition is outside the set the description calls "supported RDS
# instances" (TDE unavailable), so there is nothing to enable. Confirm
# against the query's engine/version list before relying on this.
resource "alicloud_db_instance" "default" {
    engine = "SQLServer"
    engine_version = "2012_web"
    # NOTE(review): MySQL instance class on a SQLServer engine - sample value only.
    db_instance_class = "rds.mysql.t1.small"
    db_instance_storage = "10"
    # No tde_status attribute; not reported for this engine/version.
    parameters = []
}