Ensure Active Directory remains in use to authenticate users for Amazon Relational Database Service (Amazon RDS) instances

MEDIUM

Description

Windows authentication can be used for SQL Server on Amazon RDS instances if Active Directory is configured using AWS Managed Microsoft AD. For more information, see the AWS documentation.
References:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_SQLServerWinAuth.html

Remediation

To set up AD authentication for an Amazon RDS instance, follow the directions in the section labeled "Overview of setting up Windows authentication" in the user guide (linked below).

In Terraform:

  1. For the aws_db_instance resource, set the domain argument to the AD domain for the instance.

References:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_SQLServerWinAuth.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance
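The check below is an added example, not part of this policy page or its vendor's scanner: it implements rule AC_AWS_0061 over the JSON that `terraform show -json` emits for a plan, flagging SQL Server aws_db_instance resources whose domain argument is unset. The plan document and resource addresses are constructed for the example; the engine prefix and the companion domain_iam_role_name argument come from the RDS and Terraform provider documentation.

```python
import json

# Constructed sample of `terraform show -json` plan output (not a real plan).
SAMPLE_PLAN = json.dumps({
    "planned_values": {"root_module": {"resources": [
        {"address": "aws_db_instance.sql_no_ad", "type": "aws_db_instance",
         "values": {"engine": "sqlserver-ee", "domain": None,
                    "domain_iam_role_name": None}},
        {"address": "aws_db_instance.sql_with_ad", "type": "aws_db_instance",
         "values": {"engine": "sqlserver-se", "domain": "d-1234567890",
                    "domain_iam_role_name": "rds-directory-service-access"}},
        {"address": "aws_db_instance.pg", "type": "aws_db_instance",
         "values": {"engine": "postgres", "domain": None,
                    "domain_iam_role_name": None}},
    ]}}
})

# RDS SQL Server engines are sqlserver-ee, -se, -ex and -web.
SQL_SERVER_PREFIX = "sqlserver-"


def iter_resources(module):
    """Yield every resource in a plan module and its nested child modules."""
    for res in module.get("resources", []):
        yield res
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def check_rds_ad_auth(plan_json):
    """Return (address, reason) findings for AC_AWS_0061 over a plan JSON string."""
    plan = json.loads(plan_json)
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "aws_db_instance":
            continue
        values = res.get("values", {})
        engine = (values.get("engine") or "").lower()
        if not engine.startswith(SQL_SERVER_PREFIX):
            continue  # the rule covers Windows authentication for SQL Server only
        if not values.get("domain"):
            findings.append((res["address"], "domain not set: no AD authentication"))
        elif not values.get("domain_iam_role_name"):
            # The provider requires this role name whenever domain is set.
            findings.append((res["address"], "domain set but domain_iam_role_name missing"))
    return findings


if __name__ == "__main__":
    for address, reason in check_rds_ad_auth(SAMPLE_PLAN):
        print(f"{address}: {reason}")
```

Run it against a real plan with `terraform show -json tfplan > plan.json` and pass the file contents to check_rds_ad_auth; an empty list means every SQL Server instance in the plan is joined to a domain.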

Policy Details

Rule Reference ID: AC_AWS_0061
CSP: AWS
Remediation Available: Yes
Resource: aws_db_instance
Resource Category: Database
Resource Type: DB Instance

Frameworks