BOM - AWS RDS

  • Query id: 12933609-c5bf-44b4-9a41-a6467c3b685b
  • Query name: BOM - AWS RDS
  • Platform: Terraform
  • Severity: Trace
  • Category: Bill Of Materials
  • CWE: 532
  • URL: Github

Description

A list of RDS resources found. Amazon Relational Database Service (Amazon RDS) is a collection of managed services that makes it simple to set up, operate, and scale databases in the cloud. This is a Bill Of Materials query, not a misconfiguration check: it reports every RDS resource declared in the scanned Terraform (here `aws_db_instance`, `aws_rds_cluster` and `aws_rds_cluster_instance`) so that the databases in a deployment can be inventoried, and it produces no result for files that declare no RDS resource. The "Positive" sample below is therefore simply a file in which RDS resources are present; settings in it that are weak (for example literal master credentials) are covered by other queries, not by this one.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
# Aurora cluster members; engine and version are taken from the cluster below
resource "aws_rds_cluster_instance" "cluster_instances" {
  count               = 2
  identifier          = "aurora-cluster-demo-${count.index}"
  cluster_identifier  = aws_rds_cluster.default.id
  instance_class      = "db.r4.large"
  engine              = aws_rds_cluster.default.engine
  engine_version      = aws_rds_cluster.default.engine_version
  publicly_accessible = false
}

# Aurora MySQL cluster; note the literal master credentials in code
resource "aws_rds_cluster" "default" {
  cluster_identifier      = "aurora-cluster-demo"
  engine                  = "aurora-mysql"
  engine_version          = "5.7.mysql_aurora.2.03.2"
  availability_zones      = ["us-west-2a", "us-west-2b", "us-west-2c"]
  database_name           = "mydb"
  master_username         = "foo"
  master_password         = "bar"
  backup_retention_period = 5
  preferred_backup_window = "07:00-09:00"
}

# Standalone MySQL instance
resource "aws_db_instance" "default" {
  allocated_storage    = 10
  db_name              = "mydb"
  engine               = "mysql"
  engine_version       = "5.7"
  instance_class       = "db.t3.micro"
  username             = "foo"
  password             = "foobarbaz"
  parameter_group_name = "default.mysql5.7"
  skip_final_snapshot  = true
}

# Read replica of aws_db_instance.default; the engine is inherited from the source
resource "aws_db_instance" "sample3" {
  allocated_storage    = 10
  db_name              = "mydb"
  engine_version       = "5.7"
  instance_class       = "db.t3.micro"
  username             = "foo"
  password             = "foobarbaz"
  parameter_group_name = "default.mysql5.7"
  replicate_source_db  = aws_db_instance.default.id
  skip_final_snapshot  = true
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
# An MSK (Kafka) module and no RDS resources, so this query reports nothing
module "kafka" {
  source = "cloudposse/msk-apache-kafka-cluster/aws"
  version = "0.7.2"

  namespace              = "eg"
  stage                  = "prod"
  name                   = "app"
  vpc_id                 = "vpc-XXXXXXXX"
  zone_id                = "Z14EN2YD427LRQ"
  security_groups        = ["sg-XXXXXXXXX", "sg-YYYYYYYY"]
  subnet_ids             = ["subnet-XXXXXXXXX", "subnet-YYYYYYYY"]
  kafka_version          = "2.4.1"
  number_of_broker_nodes = 2 # this has to be a multiple of the # of subnet_ids
  broker_instance_type   = "kafka.m5.large"
}
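As an added example (not KICS code, and not the query itself, which KICS writes in Rego), the script below applies the same idea to the two samples on this page: it reads a Terraform file, lists every `aws_db_instance`, `aws_rds_cluster` and `aws_rds_cluster_instance` block, and puts next to each entry the attributes a reviewer wants in an RDS inventory (engine, public accessibility, storage encryption, backup retention, replica source, and whether the credential is a literal in code). It resolves `type.name.attr` references within the file, so the cluster instances report the engine of the cluster they belong to. Assumptions: flat top-level `resource` blocks with `key = value` attributes and no nested blocks (enough for these samples, not a full HCL parser); the embedded input is a constructed, trimmed copy of the positive sample with one `password` changed to a `var.` reference to show the literal/reference distinction. The module-only negative sample yields an empty inventory.

```python
"""Inventory (bill of materials) of the AWS RDS resources declared in a
Terraform file. Added example for this page, not KICS code: a minimal
reader for top-level `resource` blocks with flat `key = value` attributes
and no nested blocks (enough for the samples above, not a full HCL parser).
"""
import re

# Resource types this inventory covers (the ones in the positive sample).
RDS_TYPES = {"aws_db_instance", "aws_rds_cluster", "aws_rds_cluster_instance"}
CREDENTIAL_KEYS = ("password", "master_password")

_BLOCK = re.compile(
    r'resource\s+"(?P<type>[^"]+)"\s+"(?P<name>[^"]+)"\s*\{(?P<body>.*?)^\}',
    re.S | re.M)
_ATTR = re.compile(r'^\s*(?P<key>[A-Za-z_]\w*)\s*=\s*(?P<val>.+?)\s*$', re.M)
_REF = re.compile(r'^(?P<type>[A-Za-z_]\w*)\.(?P<name>[A-Za-z_]\w*)\.(?P<attr>[A-Za-z_]\w*)$')


class Expr(str):
    """Unquoted right-hand side: a reference, list or other expression."""


def _literal(raw):
    """Quoted strings lose their quotes, bools and ints are converted,
    everything else is kept verbatim as an Expr."""
    raw = raw.strip()
    if not raw.startswith('"'):
        raw = raw.split("#", 1)[0].strip()  # drop a trailing line comment
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1]
    if raw in ("true", "false"):
        return raw == "true"
    if raw.lstrip("-").isdigit():
        return int(raw)
    return Expr(raw)


def parse_resources(tf_text):
    """Map (type, name) -> {attribute: value} for every top-level resource."""
    return {
        (m.group("type"), m.group("name")): {
            a.group("key"): _literal(a.group("val"))
            for a in _ATTR.finditer(m.group("body"))
        }
        for m in _BLOCK.finditer(tf_text)
    }


def resolve(value, resources, depth=0):
    """Follow `type.name.attr` references to attributes set in the same file
    (engine = aws_rds_cluster.default.engine). Computed attributes such as
    `.id` are not declared anywhere and come back unchanged."""
    if not isinstance(value, Expr) or depth > 5:
        return value
    m = _REF.match(value)
    target = resources.get((m.group("type"), m.group("name"))) if m else None
    if not target or m.group("attr") not in target:
        return value
    return resolve(target[m.group("attr")], resources, depth + 1)


def build_bom(tf_text):
    """One inventory row per RDS resource, in file order. "unset" means the
    provider default applies (false for publicly_accessible, for example)."""
    resources = parse_resources(tf_text)
    bom = []
    for (rtype, rname), attrs in resources.items():
        if rtype not in RDS_TYPES:
            continue

        def get(key):
            return resolve(attrs.get(key, "unset"), resources)

        # A quoted literal password is a hardcoded credential; a reference
        # such as var.db_password or a Secrets Manager lookup is an Expr.
        cred = next((attrs[k] for k in CREDENTIAL_KEYS if k in attrs), None)
        bom.append({
            "resource": f"{rtype}.{rname}",
            "engine": get("engine"),
            "engine_version": get("engine_version"),
            "publicly_accessible": get("publicly_accessible"),
            "storage_encrypted": get("storage_encrypted"),
            "backup_retention_period": get("backup_retention_period"),
            "replica_of": get("replicate_source_db"),
            "hardcoded_credentials": cred is not None and not isinstance(cred, Expr),
        })
    return bom


# Constructed input: the positive sample from this page, trimmed, with the
# standalone instance's password changed to a variable reference.
SAMPLE_TF = '''
resource "aws_rds_cluster_instance" "cluster_instances" {
  count               = 2
  cluster_identifier  = aws_rds_cluster.default.id
  engine              = aws_rds_cluster.default.engine
  engine_version      = aws_rds_cluster.default.engine_version
  publicly_accessible = false
}

resource "aws_rds_cluster" "default" {
  engine                  = "aurora-mysql"
  engine_version          = "5.7.mysql_aurora.2.03.2"
  master_username         = "foo"
  master_password         = "bar"
  backup_retention_period = 5
}

resource "aws_db_instance" "default" {
  engine              = "mysql"
  engine_version      = "5.7"
  username            = "foo"
  password            = var.db_password
  skip_final_snapshot = true
}

resource "aws_db_instance" "sample3" {
  engine_version      = "5.7"
  replicate_source_db = aws_db_instance.default.id
  skip_final_snapshot = true
}
'''

if __name__ == "__main__":
    for row in build_bom(SAMPLE_TF):
        print(row["resource"])
        for key, value in row.items():
            if key != "resource":
                print(f"  {key}: {value}")
```

Run it against a real `.tf` file by passing the file's text to `build_bom`; anything reported as `unset` for `publicly_accessible` or `storage_encrypted` is a provider default rather than an explicit decision, which is usually the first thing to chase when the inventory is reviewed.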