IAM DB Cluster Auth Not Enabled
- Query id: 6282794f-def8-4d6f-9df6-289318aa42b8
- Query name: IAM DB Cluster Auth Not Enabled
- Platform: CloudFormation
- Severity: Medium
- Category: Access Control
- CWE: 311
- Risk score: 3.0
- URL: Github
Description
IAM database authentication should be enabled so that access by users and applications to your databases is verified through IAM policies and multi-factor authentication. This is a safety measure that protects newly created databases that lack the proper IAM policies, as well as existing databases whose policies change.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
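# Positive fixture: the query is expected to report this cluster.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  sample:
    Type: 'AWS::RDS::DBCluster'
    Properties:
      MasterUsername: !Ref DBUsername
      # The Parameters entry for DBPassword is not shown in this sample;
      # it should be declared with NoEcho so the value is not echoed back.
      MasterUserPassword: !Ref DBPassword
      StorageEncrypted: true
      DBClusterIdentifier: aurora-postgresql-cluster
      Engine: aurora-postgresql
      EngineVersion: '10.7'
      DBClusterParameterGroupName: default.aurora-postgresql10
      EnableCloudwatchLogsExports:
        - postgresql
      # Reported: IAM database authentication is explicitly disabled, so
      # IAM policies cannot govern who connects to the cluster.
      EnableIAMDatabaseAuthentication: false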
Positive test num. 2 - json file
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"sample": {
"Type": "AWS::RDS::DBCluster",
"Properties": {
"MasterUsername": {
"Ref": "DBUsername"
},
"MasterUserPassword": {
"Ref": "DBPassword"
},
"StorageEncrypted": true,
"DBClusterIdentifier": {
"Ref": "SourceDBInstanceIdentifier"
},
"Engine": "mysql",
"DBClusterParameterGroupName": "default.mysql10",
"EnableCloudwatchLogsExports": [
"mysql"
],
"EnableIAMDatabaseAuthentication": "false"
}
}
}
}
Positive test num. 3 - yaml file
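# Positive fixture: the query is expected to report this cluster.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  sample:
    Type: 'AWS::RDS::DBCluster'
    Properties:
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      StorageEncrypted: true
      DBClusterIdentifier: !Ref SourceDBInstanceIdentifier
      Engine: mysql
      DBClusterParameterGroupName: default.mysql10
      EnableCloudwatchLogsExports:
        - mysql
      # Reported: EnableIAMDatabaseAuthentication is omitted, and IAM
      # database authentication is disabled unless it is set explicitly.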
Positive test num. 4 - json file
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"sample": {
"Type": "AWS::RDS::DBCluster",
"Properties": {
"MasterUsername": {
"Ref": "DBUsername"
},
"MasterUserPassword": {
"Ref": "DBPassword"
},
"StorageEncrypted": true,
"DBClusterIdentifier": {
"Ref": "SourceDBInstanceIdentifier"
},
"Engine": "mysql",
"DBClusterParameterGroupName": "default.mysql10",
"EnableCloudwatchLogsExports": [
"mysql"
]
}
}
}
}
Positive test num. 5 - yaml file
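# Positive fixture: the query is expected to report this cluster.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  sample:
    Type: 'AWS::RDS::DBCluster'
    Properties:
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      StorageEncrypted: true
      DBClusterIdentifier: !Ref SourceDBInstanceIdentifier
      # No EngineVersion is given; the sample is reported regardless.
      Engine: mariadb
      DBClusterParameterGroupName: default.mariadb
      EnableCloudwatchLogsExports:
        - mariadb
      # Reported: IAM database authentication is explicitly disabled.
      EnableIAMDatabaseAuthentication: false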
Positive test num. 6 - json file
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"sample": {
"Type": "AWS::RDS::DBCluster",
"Properties": {
"MasterUsername": {
"Ref": "DBUsername"
},
"MasterUserPassword": {
"Ref": "DBPassword"
},
"StorageEncrypted": true,
"DBClusterIdentifier": {
"Ref": "SourceDBInstanceIdentifier"
},
"Engine": "mariadb",
"DBClusterParameterGroupName": "default.mariadb",
"EnableCloudwatchLogsExports": [
"mariadb"
],
"EnableIAMDatabaseAuthentication": false
}
}
}
}
Positive test num. 7 - yaml file
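# Positive fixture: the query is expected to report this cluster.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  sample:
    Type: 'AWS::RDS::DBCluster'
    Properties:
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      StorageEncrypted: "true"
      DBClusterIdentifier: !Ref SourceDBInstanceIdentifier
      Engine: mariadb
      DBClusterParameterGroupName: default.mariadb
      EnableCloudwatchLogsExports:
        - mariadb
      # Reported: the quoted string "false" is treated the same as the
      # boolean false, so quoting the value does not hide the finding.
      EnableIAMDatabaseAuthentication: "false"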
Positive test num. 8 - json file
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"sample": {
"Type": "AWS::RDS::DBCluster",
"Properties": {
"MasterUsername": {
"Ref": "DBUsername"
},
"MasterUserPassword": {
"Ref": "DBPassword"
},
"StorageEncrypted": "true",
"DBClusterIdentifier": {
"Ref": "SourceDBInstanceIdentifier"
},
"Engine": "mariadb",
"DBClusterParameterGroupName": "default.mariadb",
"EnableCloudwatchLogsExports": [
"mariadb"
],
"EnableIAMDatabaseAuthentication": "false"
}
}
}
}
Positive test num. 9 - yaml file
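# Positive fixture: the query is expected to report this cluster.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  sample:
    Type: 'AWS::RDS::DBCluster'
    Properties:
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      # StorageEncrypted is also omitted in this sample; storage encryption
      # is a separate setting from IAM database authentication.
      DBClusterIdentifier: !Ref SourceDBInstanceIdentifier
      Engine: mariadb
      DBClusterParameterGroupName: default.mariadb
      EnableCloudwatchLogsExports:
        - mariadb
      # Reported: EnableIAMDatabaseAuthentication is omitted, and IAM
      # database authentication is disabled unless it is set explicitly.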
Positive test num. 10 - json file
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"sample": {
"Type": "AWS::RDS::DBCluster",
"Properties": {
"MasterUsername": {
"Ref": "DBUsername"
},
"MasterUserPassword": {
"Ref": "DBPassword"
},
"DBClusterIdentifier": {
"Ref": "SourceDBInstanceIdentifier"
},
"Engine": "mariadb",
"DBClusterParameterGroupName": "default.mariadb",
"EnableCloudwatchLogsExports": [
"mariadb"
]
}
}
}
}
Positive test num. 11 - yaml file
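# Positive fixture: the query is expected to report this cluster.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  PostgresDBCluster:
    Type: "AWS::RDS::DBCluster"
    Properties:
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      StorageEncrypted: true
      DBClusterIdentifier: postgres-db-cluster
      Engine: postgres
      EngineVersion: "15.5"
      DBClusterParameterGroupName: default.postgres15
      EnableCloudwatchLogsExports:
        - postgresql
      # Reported: EnableIAMDatabaseAuthentication is omitted, and IAM
      # database authentication is disabled unless it is set explicitly.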
Positive test num. 12 - json file
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"sample": {
"Type": "AWS::RDS::DBCluster",
"Properties": {
"MasterUsername": {
"Ref": "DBUsername"
},
"MasterUserPassword": {
"Ref": "DBPassword"
},
"StorageEncrypted": true,
"DBClusterIdentifier": "aurora-postgresql-cluster",
"Engine": "aurora-postgresql",
"EngineVersion": "10.7",
"DBClusterParameterGroupName": "default.aurora-postgresql10",
"EnableCloudwatchLogsExports": [
"postgresql"
],
"EnableIAMDatabaseAuthentication": false
}
}
}
}
Positive test num. 13 - json file
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"PostgresDBCluster": {
"Type": "AWS::RDS::DBCluster",
"Properties": {
"MasterUsername": {
"Ref": "DBUsername"
},
"MasterUserPassword": {
"Ref": "DBPassword"
},
"StorageEncrypted": true,
"DBClusterIdentifier": "postgres-db-cluster",
"Engine": "postgres",
"EngineVersion": "15.5",
"DBClusterParameterGroupName": "default.postgres15",
"EnableCloudwatchLogsExports": [
"postgresql"
]
}
}
}
}
Positive test num. 14 - yaml file
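# Positive fixture: the query is expected to report this cluster.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  PostgresDBCluster:
    Type: "AWS::RDS::DBCluster"
    Properties:
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      StorageEncrypted: true
      DBClusterIdentifier: postgres-db-cluster
      # No EngineVersion is given; the sample is reported regardless.
      Engine: postgres
      DBClusterParameterGroupName: default.postgres15
      EnableCloudwatchLogsExports:
        - postgresql
      # Reported: EnableIAMDatabaseAuthentication is omitted, and IAM
      # database authentication is disabled unless it is set explicitly.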
Positive test num. 15 - json file
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"PostgresDBCluster": {
"Type": "AWS::RDS::DBCluster",
"Properties": {
"MasterUsername": {
"Ref": "DBUsername"
},
"MasterUserPassword": {
"Ref": "DBPassword"
},
"StorageEncrypted": true,
"DBClusterIdentifier": "postgres-db-cluster",
"Engine": "postgres",
"DBClusterParameterGroupName": "default.postgres15",
"EnableCloudwatchLogsExports": [
"postgresql"
]
}
}
}
}
Positive test num. 16 - yaml file
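# Positive fixture: the query is expected to report this cluster.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  PostgresDBCluster:
    Type: "AWS::RDS::DBCluster"
    Properties:
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      StorageEncrypted: true
      DBClusterIdentifier: postgres-db-cluster
      Engine: postgres
      EngineVersion: "15.5"
      DBClusterParameterGroupName: default.postgres15
      EnableCloudwatchLogsExports:
        - postgresql
      # Reported: IAM database authentication is explicitly disabled.
      EnableIAMDatabaseAuthentication: false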
Positive test num. 17 - json file
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"PostgresDBCluster": {
"Type": "AWS::RDS::DBCluster",
"Properties": {
"MasterUsername": {
"Ref": "DBUsername"
},
"MasterUserPassword": {
"Ref": "DBPassword"
},
"StorageEncrypted": true,
"DBClusterIdentifier": "postgres-db-cluster",
"Engine": "postgres",
"EngineVersion": "15.5",
"DBClusterParameterGroupName": "default.postgres15",
"EnableCloudwatchLogsExports": [
"postgresql"
],
"EnableIAMDatabaseAuthentication": false
}
}
}
}
Positive test num. 18 - yaml file
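# Positive fixture: the query is expected to report this cluster.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  PostgresDBCluster:
    Type: "AWS::RDS::DBCluster"
    Properties:
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      StorageEncrypted: true
      DBClusterIdentifier: postgres-db-cluster
      Engine: postgres
      EngineVersion: "15.5"
      DBClusterParameterGroupName: default.postgres15
      EnableCloudwatchLogsExports:
        - postgresql
      # Reported: the quoted string "false" is treated the same as the
      # boolean false.
      EnableIAMDatabaseAuthentication: "false"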
Positive test num. 19 - json file
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"PostgresDBCluster": {
"Type": "AWS::RDS::DBCluster",
"Properties": {
"MasterUsername": {
"Ref": "DBUsername"
},
"MasterUserPassword": {
"Ref": "DBPassword"
},
"StorageEncrypted": true,
"DBClusterIdentifier": "postgres-db-cluster",
"Engine": "postgres",
"EngineVersion": "15.5",
"DBClusterParameterGroupName": "default.postgres15",
"EnableCloudwatchLogsExports": [
"postgresql"
],
"EnableIAMDatabaseAuthentication": "false"
}
}
}
}
Positive test num. 20 - yaml file
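# Positive fixture: the query is expected to report this cluster.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  PostgresDBCluster:
    Type: "AWS::RDS::DBCluster"
    Properties:
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      StorageEncrypted: true
      DBClusterIdentifier: postgres-db-cluster
      # No EngineVersion is given; the sample is reported regardless.
      Engine: postgres
      DBClusterParameterGroupName: default.postgres15
      EnableCloudwatchLogsExports:
        - postgresql
      # Reported: IAM database authentication is explicitly disabled.
      EnableIAMDatabaseAuthentication: false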
Positive test num. 21 - json file
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"PostgresDBCluster": {
"Type": "AWS::RDS::DBCluster",
"Properties": {
"MasterUsername": {
"Ref": "DBUsername"
},
"MasterUserPassword": {
"Ref": "DBPassword"
},
"StorageEncrypted": true,
"DBClusterIdentifier": "postgres-db-cluster",
"Engine": "postgres",
"DBClusterParameterGroupName": "default.postgres15",
"EnableCloudwatchLogsExports": [
"postgresql"
],
"EnableIAMDatabaseAuthentication": false
}
}
}
}
Positive test num. 22 - yaml file
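# Positive fixture: the query is expected to report this cluster.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  PostgresDBCluster:
    Type: "AWS::RDS::DBCluster"
    Properties:
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      StorageEncrypted: true
      DBClusterIdentifier: postgres-db-cluster
      # No EngineVersion is given; the sample is reported regardless.
      Engine: postgres
      DBClusterParameterGroupName: default.postgres15
      EnableCloudwatchLogsExports:
        - postgresql
      # Reported: the quoted string "false" is treated the same as the
      # boolean false.
      EnableIAMDatabaseAuthentication: "false"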
Positive test num. 23 - yaml file
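# Positive fixture: the query is expected to report this cluster.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  sample:
    Type: 'AWS::RDS::DBCluster'
    Properties:
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      StorageEncrypted: true
      DBClusterIdentifier: aurora-postgresql-cluster
      Engine: aurora-postgresql
      EngineVersion: '10.7'
      DBClusterParameterGroupName: default.aurora-postgresql10
      EnableCloudwatchLogsExports:
        - postgresql
      # Reported: EnableIAMDatabaseAuthentication is omitted, and IAM
      # database authentication is disabled unless it is set explicitly.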
Positive test num. 24 - json file
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"PostgresDBCluster": {
"Type": "AWS::RDS::DBCluster",
"Properties": {
"MasterUsername": {
"Ref": "DBUsername"
},
"MasterUserPassword": {
"Ref": "DBPassword"
},
"StorageEncrypted": true,
"DBClusterIdentifier": "postgres-db-cluster",
"Engine": "postgres",
"DBClusterParameterGroupName": "default.postgres15",
"EnableCloudwatchLogsExports": [
"postgresql"
],
"EnableIAMDatabaseAuthentication": "false"
}
}
}
}
Positive test num. 25 - yaml file
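# Positive fixture: the query is expected to report this cluster.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  sample:
    Type: 'AWS::RDS::DBCluster'
    Properties:
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      StorageEncrypted: true
      DBClusterIdentifier: !Ref SourceDBInstanceIdentifier
      Engine: mariadb
      # Quoted so the version stays a string rather than a float.
      EngineVersion: "10.6"
      DBClusterParameterGroupName: default.mariadb
      EnableCloudwatchLogsExports:
        - mariadb
      # Reported: IAM database authentication is explicitly disabled.
      EnableIAMDatabaseAuthentication: false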
Positive test num. 26 - json file
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"sample": {
"Type": "AWS::RDS::DBCluster",
"Properties": {
"MasterUsername": {
"Ref": "DBUsername"
},
"MasterUserPassword": {
"Ref": "DBPassword"
},
"StorageEncrypted": true,
"DBClusterIdentifier": {
"Ref": "SourceDBInstanceIdentifier"
},
"Engine": "mariadb",
"EngineVersion": "10.6",
"DBClusterParameterGroupName": "default.mariadb",
"EnableCloudwatchLogsExports": [
"mariadb"
],
"EnableIAMDatabaseAuthentication": false
}
}
}
}
Positive test num. 27 - yaml file
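# Positive fixture: the query is expected to report this cluster.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  sample:
    Type: 'AWS::RDS::DBCluster'
    Properties:
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      StorageEncrypted: "true"
      DBClusterIdentifier: !Ref SourceDBInstanceIdentifier
      Engine: mariadb
      # Quoted so the version stays the string 10.11 and is not read as
      # the float 10.11 (which would equal 10.110, not a version).
      EngineVersion: "10.11"
      DBClusterParameterGroupName: default.mariadb
      EnableCloudwatchLogsExports:
        - mariadb
      # Reported: the quoted string "false" is treated the same as the
      # boolean false.
      EnableIAMDatabaseAuthentication: "false"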
Positive test num. 28 - json file
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"sample": {
"Type": "AWS::RDS::DBCluster",
"Properties": {
"MasterUsername": {
"Ref": "DBUsername"
},
"MasterUserPassword": {
"Ref": "DBPassword"
},
"StorageEncrypted": "true",
"DBClusterIdentifier": {
"Ref": "SourceDBInstanceIdentifier"
},
"Engine": "mariadb",
"EngineVersion": "10.11",
"DBClusterParameterGroupName": "default.mariadb",
"EnableCloudwatchLogsExports": [
"mariadb"
],
"EnableIAMDatabaseAuthentication": "false"
}
}
}
}
Positive test num. 29 - yaml file
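# Positive fixture: the query is expected to report this cluster.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  sample:
    Type: 'AWS::RDS::DBCluster'
    Properties:
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      # StorageEncrypted is also omitted in this sample; storage encryption
      # is a separate setting from IAM database authentication.
      DBClusterIdentifier: !Ref SourceDBInstanceIdentifier
      Engine: mariadb
      EngineVersion: "11.4"
      DBClusterParameterGroupName: default.mariadb
      EnableCloudwatchLogsExports:
        - mariadb
      # Reported: EnableIAMDatabaseAuthentication is omitted, and IAM
      # database authentication is disabled unless it is set explicitly.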
Positive test num. 30 - json file
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"sample": {
"Type": "AWS::RDS::DBCluster",
"Properties": {
"MasterUsername": {
"Ref": "DBUsername"
},
"MasterUserPassword": {
"Ref": "DBPassword"
},
"DBClusterIdentifier": {
"Ref": "SourceDBInstanceIdentifier"
},
"Engine": "mariadb",
"EngineVersion": "11.4",
"DBClusterParameterGroupName": "default.mariadb",
"EnableCloudwatchLogsExports": [
"mariadb"
]
}
}
}
}
Positive test num. 31 - json file
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"sample": {
"Type": "AWS::RDS::DBCluster",
"Properties": {
"MasterUsername": {
"Ref": "DBUsername"
},
"MasterUserPassword": {
"Ref": "DBPassword"
},
"StorageEncrypted": true,
"DBClusterIdentifier": "aurora-postgresql-cluster",
"Engine": "aurora-postgresql",
"EngineVersion": "10.7",
"DBClusterParameterGroupName": "default.aurora-postgresql10",
"EnableCloudwatchLogsExports": [
"postgresql"
]
}
}
}
}
Positive test num. 32 - yaml file
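# Positive fixture: the query is expected to report this cluster.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  sample:
    Type: 'AWS::RDS::DBCluster'
    Properties:
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      StorageEncrypted: true
      DBClusterIdentifier: aurora-postgresql-cluster
      Engine: aurora-postgresql
      EngineVersion: '10.7'
      DBClusterParameterGroupName: default.aurora-postgresql10
      EnableCloudwatchLogsExports:
        - postgresql
      # Reported: the quoted string "false" is treated the same as the
      # boolean false.
      EnableIAMDatabaseAuthentication: "false"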
Positive test num. 33 - json file
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"sample": {
"Type": "AWS::RDS::DBCluster",
"Properties": {
"MasterUsername": {
"Ref": "DBUsername"
},
"MasterUserPassword": {
"Ref": "DBPassword"
},
"StorageEncrypted": true,
"DBClusterIdentifier": "aurora-postgresql-cluster",
"Engine": "aurora-postgresql",
"EngineVersion": "10.7",
"DBClusterParameterGroupName": "default.aurora-postgresql10",
"EnableCloudwatchLogsExports": [
"postgresql"
],
"EnableIAMDatabaseAuthentication": "false"
}
}
}
}
Positive test num. 34 - yaml file
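# Positive fixture: the query is expected to report this cluster.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  sample:
    Type: 'AWS::RDS::DBCluster'
    Properties:
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      StorageEncrypted: true
      DBClusterIdentifier: !Ref SourceDBInstanceIdentifier
      # No EngineVersion is given; the sample is reported regardless.
      Engine: mysql
      DBClusterParameterGroupName: default.mysql10
      EnableCloudwatchLogsExports:
        - mysql
      # Reported: IAM database authentication is explicitly disabled.
      EnableIAMDatabaseAuthentication: false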
Positive test num. 35 - json file
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"sample": {
"Type": "AWS::RDS::DBCluster",
"Properties": {
"MasterUsername": {
"Ref": "DBUsername"
},
"MasterUserPassword": {
"Ref": "DBPassword"
},
"StorageEncrypted": true,
"DBClusterIdentifier": {
"Ref": "SourceDBInstanceIdentifier"
},
"Engine": "mysql",
"DBClusterParameterGroupName": "default.mysql10",
"EnableCloudwatchLogsExports": [
"mysql"
],
"EnableIAMDatabaseAuthentication": false
}
}
}
}
Positive test num. 36 - yaml file
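# Positive fixture: the query is expected to report this cluster.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  sample:
    Type: 'AWS::RDS::DBCluster'
    Properties:
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      StorageEncrypted: true
      DBClusterIdentifier: !Ref SourceDBInstanceIdentifier
      # No EngineVersion is given; the sample is reported regardless.
      Engine: mysql
      DBClusterParameterGroupName: default.mysql10
      EnableCloudwatchLogsExports:
        - mysql
      # Reported: the quoted string "false" is treated the same as the
      # boolean false.
      EnableIAMDatabaseAuthentication: "false"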
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
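# Negative fixture: the query is expected to pass this cluster.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  sample:
    Type: 'AWS::RDS::DBCluster'
    Properties:
      MasterUsername: !Ref DBUsername
      # Enabling IAM authentication does not remove password login for the
      # master user, so this password still needs protecting (the DBPassword
      # parameter is not shown here; it should be declared with NoEcho).
      MasterUserPassword: !Ref DBPassword
      StorageEncrypted: true
      DBClusterIdentifier: aurora-postgresql-cluster
      Engine: aurora-postgresql
      EngineVersion: '10.7'
      DBClusterParameterGroupName: default.aurora-postgresql10
      EnableCloudwatchLogsExports:
        - postgresql
      # Passes: IAM database authentication is explicitly enabled.
      EnableIAMDatabaseAuthentication: true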
Negative test num. 2 - json file
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"PostgresDBCluster": {
"Type": "AWS::RDS::DBCluster",
"Properties": {
"MasterUsername": {
"Ref": "DBUsername"
},
"MasterUserPassword": {
"Ref": "DBPassword"
},
"StorageEncrypted": true,
"DBClusterIdentifier": "postgres-db-cluster",
"Engine": "postgres",
"EngineVersion": "15.5",
"DBClusterParameterGroupName": "default.postgres15",
"EnableCloudwatchLogsExports": [
"postgresql"
],
"EnableIAMDatabaseAuthentication": true
}
}
}
}
Negative test num. 3 - yaml file
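# Negative fixture: the query is expected to pass this cluster.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  PostgresDBCluster:
    Type: "AWS::RDS::DBCluster"
    Properties:
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      StorageEncrypted: "true"
      DBClusterIdentifier: postgres-db-cluster
      Engine: postgres
      EngineVersion: "15.5"
      DBClusterParameterGroupName: default.postgres15
      EnableCloudwatchLogsExports:
        - postgresql
      # Passes: the quoted string "true" is accepted as enabled, the same
      # as the boolean true.
      EnableIAMDatabaseAuthentication: "true"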
Negative test num. 4 - json file
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"PostgresDBCluster": {
"Type": "AWS::RDS::DBCluster",
"Properties": {
"MasterUsername": {
"Ref": "DBUsername"
},
"MasterUserPassword": {
"Ref": "DBPassword"
},
"StorageEncrypted": "true",
"DBClusterIdentifier": "postgres-db-cluster",
"Engine": "postgres",
"EngineVersion": "15.5",
"DBClusterParameterGroupName": "default.postgres15",
"EnableCloudwatchLogsExports": [
"postgresql"
],
"EnableIAMDatabaseAuthentication": "true"
}
}
}
}
Negative test num. 5 - yaml file
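# Negative fixture: the query is expected to pass this cluster.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  PostgresDBCluster:
    Type: "AWS::RDS::DBCluster"
    Properties:
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      StorageEncrypted: true
      DBClusterIdentifier: postgres-db-cluster
      # No EngineVersion is given; the sample passes regardless.
      Engine: postgres
      DBClusterParameterGroupName: default.postgres15
      EnableCloudwatchLogsExports:
        - postgresql
      # Passes: IAM database authentication is explicitly enabled.
      EnableIAMDatabaseAuthentication: true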
Negative test num. 6 - json file
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"PostgresDBCluster": {
"Type": "AWS::RDS::DBCluster",
"Properties": {
"MasterUsername": {
"Ref": "DBUsername"
},
"MasterUserPassword": {
"Ref": "DBPassword"
},
"StorageEncrypted": true,
"DBClusterIdentifier": "postgres-db-cluster",
"Engine": "postgres",
"DBClusterParameterGroupName": "default.postgres15",
"EnableCloudwatchLogsExports": [
"postgresql"
],
"EnableIAMDatabaseAuthentication": true
}
}
}
}
Negative test num. 7 - yaml file
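# Negative fixture: the query is expected to pass this cluster.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  PostgresDBCluster:
    Type: "AWS::RDS::DBCluster"
    Properties:
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      StorageEncrypted: "true"
      DBClusterIdentifier: postgres-db-cluster
      # No EngineVersion is given; the sample passes regardless.
      Engine: postgres
      DBClusterParameterGroupName: default.postgres15
      EnableCloudwatchLogsExports:
        - postgresql
      # Passes: the quoted string "true" is accepted as enabled, the same
      # as the boolean true.
      EnableIAMDatabaseAuthentication: "true"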
Negative test num. 8 - json file
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"PostgresDBCluster": {
"Type": "AWS::RDS::DBCluster",
"Properties": {
"MasterUsername": {
"Ref": "DBUsername"
},
"MasterUserPassword": {
"Ref": "DBPassword"
},
"StorageEncrypted": "true",
"DBClusterIdentifier": "postgres-db-cluster",
"Engine": "postgres",
"DBClusterParameterGroupName": "default.postgres15",
"EnableCloudwatchLogsExports": [
"postgresql"
],
"EnableIAMDatabaseAuthentication": "true"
}
}
}
}
Negative test num. 9 - yaml file
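# Negative fixture: the query is expected to pass this cluster.
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  sample:
    Type: AWS::RDS::DBCluster
    Properties:
      MasterUsername: !Ref 'DBUsername'
      MasterUserPassword: !Ref 'DBPassword'
      StorageEncrypted: true
      DBClusterIdentifier: !Ref 'SourceDBInstanceIdentifier'
      Engine: mariadb
      # NOTE(review): the positive samples on this page report mariadb at
      # 10.6 and later, so the query appears to treat 10.5 as a version
      # without IAM database authentication - confirm in the query source.
      EngineVersion: '10.5'
      DBClusterParameterGroupName: default.aurora-postgresql10
      EnableCloudwatchLogsExports:
        - postgresql
      # Passes although EnableIAMDatabaseAuthentication is omitted. A pass
      # here means "not applicable", not "IAM authentication is on".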
Negative test num. 10 - json file
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"sample": {
"Type": "AWS::RDS::DBCluster",
"Properties": {
"MasterUsername": {
"Ref": "DBUsername"
},
"MasterUserPassword": {
"Ref": "DBPassword"
},
"StorageEncrypted": true,
"DBClusterIdentifier": {
"Ref": "SourceDBInstanceIdentifier"
},
"Engine": "mariadb",
"EngineVersion": "10.5",
"DBClusterParameterGroupName": "default.aurora-postgresql10",
"EnableCloudwatchLogsExports": [
"postgresql"
]
}
}
}
}
Negative test num. 11 - yaml file
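# Negative fixture: the query is expected to pass this cluster.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  sample:
    Type: 'AWS::RDS::DBCluster'
    Properties:
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      StorageEncrypted: true
      DBClusterIdentifier: !Ref SourceDBInstanceIdentifier
      Engine: mariadb
      # NOTE(review): the positive samples on this page report mariadb at
      # 10.6 and later, so the query appears to treat 10.5 as a version
      # without IAM database authentication - confirm in the query source.
      EngineVersion: '10.5'
      DBClusterParameterGroupName: default.aurora-postgresql10
      EnableCloudwatchLogsExports:
        - postgresql
      # Passes even though the value is false. A pass here means "not
      # applicable for this engine version", not "IAM authentication is on".
      EnableIAMDatabaseAuthentication: false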
Negative test num. 12 - json file
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"sample": {
"Type": "AWS::RDS::DBCluster",
"Properties": {
"MasterUsername": {
"Ref": "DBUsername"
},
"MasterUserPassword": {
"Ref": "DBPassword"
},
"StorageEncrypted": true,
"DBClusterIdentifier": "aurora-postgresql-cluster",
"Engine": "aurora-postgresql",
"EngineVersion": "10.7",
"DBClusterParameterGroupName": "default.aurora-postgresql10",
"EnableCloudwatchLogsExports": [
"postgresql"
],
"EnableIAMDatabaseAuthentication": true
}
}
}
}
Negative test num. 13 - json file
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"sample": {
"Type": "AWS::RDS::DBCluster",
"Properties": {
"MasterUsername": {
"Ref": "DBUsername"
},
"MasterUserPassword": {
"Ref": "DBPassword"
},
"StorageEncrypted": true,
"DBClusterIdentifier": {
"Ref": "SourceDBInstanceIdentifier"
},
"Engine": "mariadb",
"EngineVersion": "10.5",
"DBClusterParameterGroupName": "default.aurora-postgresql10",
"EnableCloudwatchLogsExports": [
"postgresql"
],
"EnableIAMDatabaseAuthentication": false
}
}
}
}
Negative test num. 14 - yaml file
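# Negative fixture: the query is expected to pass this cluster.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  sample:
    Type: 'AWS::RDS::DBCluster'
    Properties:
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      StorageEncrypted: true
      DBClusterIdentifier: !Ref SourceDBInstanceIdentifier
      Engine: mariadb
      # NOTE(review): the positive samples on this page report mariadb at
      # 10.6 and later, so the query appears to treat 10.5 as a version
      # without IAM database authentication - confirm in the query source.
      EngineVersion: '10.5'
      DBClusterParameterGroupName: default.aurora-postgresql10
      EnableCloudwatchLogsExports:
        - postgresql
      # Passes even though the value is the string "false". A pass here
      # means "not applicable for this engine version", not "enabled".
      EnableIAMDatabaseAuthentication: "false"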
Negative test num. 15 - json file
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"sample": {
"Type": "AWS::RDS::DBCluster",
"Properties": {
"MasterUsername": {
"Ref": "DBUsername"
},
"MasterUserPassword": {
"Ref": "DBPassword"
},
"StorageEncrypted": true,
"DBClusterIdentifier": {
"Ref": "SourceDBInstanceIdentifier"
},
"Engine": "mariadb",
"EngineVersion": "10.5",
"DBClusterParameterGroupName": "default.aurora-postgresql10",
"EnableCloudwatchLogsExports": [
"postgresql"
],
"EnableIAMDatabaseAuthentication": "false"
}
}
}
}
Negative test num. 16 - yaml file
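# Negative fixture: the query is expected to pass this cluster.
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  sample:
    Type: AWS::RDS::DBCluster
    Properties:
      MasterUsername: !Ref 'DBUsername'
      MasterUserPassword: !Ref 'DBPassword'
      StorageEncrypted: true
      DBClusterIdentifier: !Ref 'SourceDBInstanceIdentifier'
      # NOTE(review): placeholder engine name; presumably the query only
      # evaluates engines it knows to support IAM database authentication
      # and skips everything else - confirm in the query source.
      Engine: unsupported_engine
      EngineVersion: '10.5'
      DBClusterParameterGroupName: default.aurora-postgresql10
      EnableCloudwatchLogsExports:
        - postgresql
      # Passes although EnableIAMDatabaseAuthentication is omitted. A pass
      # here means "not evaluated", not "IAM authentication is on".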
Negative test num. 17 - json file
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"sample": {
"Type": "AWS::RDS::DBCluster",
"Properties": {
"MasterUsername": {
"Ref": "DBUsername"
},
"MasterUserPassword": {
"Ref": "DBPassword"
},
"StorageEncrypted": true,
"DBClusterIdentifier": {
"Ref": "SourceDBInstanceIdentifier"
},
"Engine": "unsupported_engine",
"EngineVersion": "10.5",
"DBClusterParameterGroupName": "default.aurora-postgresql10",
"EnableCloudwatchLogsExports": [
"postgresql"
]
}
}
}
}
Negative test num. 18 - yaml file
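# Negative fixture: the query is expected to pass this cluster.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  sample:
    Type: 'AWS::RDS::DBCluster'
    Properties:
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      StorageEncrypted: true
      DBClusterIdentifier: !Ref SourceDBInstanceIdentifier
      # NOTE(review): placeholder engine name with no EngineVersion;
      # presumably the query only evaluates engines it knows to support
      # IAM database authentication - confirm in the query source.
      Engine: unsupported_engine
      DBClusterParameterGroupName: default.aurora-postgresql10
      EnableCloudwatchLogsExports:
        - postgresql
      # Passes although EnableIAMDatabaseAuthentication is omitted. A pass
      # here means "not evaluated", not "IAM authentication is on".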
Negative test num. 19 - json file
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"sample": {
"Type": "AWS::RDS::DBCluster",
"Properties": {
"MasterUsername": {
"Ref": "DBUsername"
},
"MasterUserPassword": {
"Ref": "DBPassword"
},
"StorageEncrypted": true,
"DBClusterIdentifier": {
"Ref": "SourceDBInstanceIdentifier"
},
"Engine": "unsupported_engine",
"DBClusterParameterGroupName": "default.aurora-postgresql10",
"EnableCloudwatchLogsExports": [
"postgresql"
]
}
}
}
}
Negative test num. 20 - yaml file
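# Negative fixture: the query is expected to pass this cluster.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  sample:
    Type: 'AWS::RDS::DBCluster'
    Properties:
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      StorageEncrypted: true
      DBClusterIdentifier: aurora-postgresql-cluster
      Engine: aurora-postgresql
      EngineVersion: '10.7'
      DBClusterParameterGroupName: default.aurora-postgresql10
      EnableCloudwatchLogsExports:
        - postgresql
      # Passes: the quoted string "true" is accepted as enabled, the same
      # as the boolean true.
      EnableIAMDatabaseAuthentication: "true"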
Negative test num. 21 - json file
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"sample": {
"Type": "AWS::RDS::DBCluster",
"Properties": {
"MasterUsername": {
"Ref": "DBUsername"
},
"MasterUserPassword": {
"Ref": "DBPassword"
},
"StorageEncrypted": true,
"DBClusterIdentifier": "aurora-postgresql-cluster",
"Engine": "aurora-postgresql",
"EngineVersion": "10.7",
"DBClusterParameterGroupName": "default.aurora-postgresql10",
"EnableCloudwatchLogsExports": [
"postgresql"
],
"EnableIAMDatabaseAuthentication": "true"
}
}
}
}
Negative test num. 22 - yaml file
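# Negative fixture: the query is expected to pass this cluster.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  sample:
    Type: 'AWS::RDS::DBCluster'
    Properties:
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      StorageEncrypted: true
      DBClusterIdentifier: !Ref SourceDBInstanceIdentifier
      Engine: mariadb
      # mariadb 10.6 is reported elsewhere on this page when the setting is
      # off, so this pass comes from the explicit true below.
      EngineVersion: '10.6'
      DBClusterParameterGroupName: default.aurora-postgresql10
      EnableCloudwatchLogsExports:
        - postgresql
      # Passes: IAM database authentication is explicitly enabled.
      EnableIAMDatabaseAuthentication: true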
Negative test num. 23 - json file
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"sample": {
"Type": "AWS::RDS::DBCluster",
"Properties": {
"MasterUsername": {
"Ref": "DBUsername"
},
"MasterUserPassword": {
"Ref": "DBPassword"
},
"StorageEncrypted": true,
"DBClusterIdentifier": {
"Ref": "SourceDBInstanceIdentifier"
},
"Engine": "mariadb",
"EngineVersion": "10.6",
"DBClusterParameterGroupName": "default.aurora-postgresql10",
"EnableCloudwatchLogsExports": [
"postgresql"
],
"EnableIAMDatabaseAuthentication": true
}
}
}
}
Negative test num. 24 - yaml file
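# Negative fixture: the query is expected to pass this cluster.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  sample:
    Type: 'AWS::RDS::DBCluster'
    Properties:
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      StorageEncrypted: "true"
      DBClusterIdentifier: !Ref SourceDBInstanceIdentifier
      Engine: mariadb
      EngineVersion: '10.5'
      DBClusterParameterGroupName: default.aurora-postgresql10
      EnableCloudwatchLogsExports:
        - postgresql
      # Passes: the value is the string "true". NOTE(review): mariadb 10.5
      # also passes on this page with the setting off, so this sample alone
      # does not show which of the two conditions produced the pass.
      EnableIAMDatabaseAuthentication: "true"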
Negative test num. 25 - json file
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"sample": {
"Type": "AWS::RDS::DBCluster",
"Properties": {
"MasterUsername": {
"Ref": "DBUsername"
},
"MasterUserPassword": {
"Ref": "DBPassword"
},
"StorageEncrypted": "true",
"DBClusterIdentifier": {
"Ref": "SourceDBInstanceIdentifier"
},
"Engine": "mariadb",
"EngineVersion": "10.5",
"DBClusterParameterGroupName": "default.aurora-postgresql10",
"EnableCloudwatchLogsExports": [
"postgresql"
],
"EnableIAMDatabaseAuthentication": "true"
}
}
}
}
Negative test num. 26 - yaml file
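# Negative fixture: the query is expected to pass this cluster.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  PostgresDBCluster:
    Type: "AWS::RDS::DBCluster"
    Properties:
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      StorageEncrypted: true
      DBClusterIdentifier: postgres-db-cluster
      Engine: postgres
      EngineVersion: "15.5"
      DBClusterParameterGroupName: default.postgres15
      EnableCloudwatchLogsExports:
        - postgresql
      # Passes: IAM database authentication is explicitly enabled.
      EnableIAMDatabaseAuthentication: true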