Benchmark: 6 Relational Database Services
Overview
This section covers security recommendations that you should follow to secure relational database services (RDS).
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-alicloud-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 6 Relational Database Services.
Run this benchmark in your terminal:
powerpipe benchmark run alicloud_compliance.benchmark.cis_v100_6
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run alicloud_compliance.benchmark.cis_v100_6 --share
Controls
- 6.1 Ensure that RDS instance requires all incoming connections to use SSL
- 6.2 Ensure that RDS Instances are not open to the world
- 6.3 Ensure that 'Auditing' is set to 'On' for applicable database instances
- 6.4 Ensure that 'Auditing' Retention is 'greater than 6 months'
- 6.5 Ensure that 'TDE' is set to 'Enabled' on for applicable database instance
- 6.7 Ensure parameter 'log_connections' is set to 'ON' for PostgreSQL Database
- 6.8 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server
- 6.9 Ensure server parameter 'log_duration' is set to 'ON' for PostgreSQL Database Server