turbot/steampipe-mod-aws-compliance

Control: 19 Existing RDS event notification subscriptions should be configured for critical cluster events.

Description

This control checks whether an Amazon RDS event subscription exists that has notifications enabled for the following source type and event category key-value pair:

DBCluster: ["maintenance","failure"]

RDS event notifications use Amazon SNS to make you aware of changes in the availability or configuration of your RDS resources. These notifications allow for rapid response. For additional information about RDS event notifications, see Using Amazon RDS event notification in the Amazon RDS User Guide.

Remediation

To subscribe to RDS cluster event notifications

  1. Open the Amazon RDS console

  2. In the navigation pane, choose Event subscriptions.

  3. Under Event subscriptions, choose Create event subscription.

  4. In the Create event subscription dialog, do the following:

    a. For Name, enter a name for the event notification subscription.

    b. For Send notifications to, choose an existing Amazon SNS ARN for an SNS topic. To use a new topic, choose Create topic to enter the name of a topic and a list of recipients.

    c. For Source type, choose Clusters.

    d. Under Instances to include, select All clusters.

    e. Under Event categories to include, select Specific event categories. The control also passes if you select All event categories.

    f. Select maintenance and failure.

    g. Choose Create.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.foundational_security_rds_19

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.foundational_security_rds_19 --share

SQL

This control uses a named query:

select
  arn as resource,
  case
    when source_type <> 'db-cluster' then 'skip'
    when source_type = 'db-cluster' and enabled and event_categories_list @> '["failure", "maintenance"]' then 'ok'
    else 'alarm'
  end as status,
  case
    when source_type <> 'db-cluster' then cust_subscription_id || ' event subscription of ' || source_type || ' type.'
    when source_type = 'db-cluster' and enabled and event_categories_list @> '["failure", "maintenance"]' then cust_subscription_id || ' event subscription enabled for critical db cluster events.'
    else cust_subscription_id || ' event subscription missing critical db cluster events.'
  end as reason,
  region,
  account_id
from
  aws_rds_db_event_subscription;
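The following script is an added example and is not part of the steampipe-mod-aws-compliance mod. It applies the same skip/ok/alarm logic as the query above to the JSON returned by `aws rds describe-event-subscriptions`, so the control's outcome can be reproduced offline from a saved response, and it also assembles the `aws rds create-event-subscription` command that corresponds to the console remediation steps. The subscription records, ARNs and account id embedded below are constructed sample data; the `evaluate_subscription`, `evaluate_all` and `remediation_command` names are this example's own.

```python
"""Offline evaluation of the RDS.19 check against describe-event-subscriptions output.

Added example, not the mod's own code. Mirrors the control's SQL: subscriptions
whose source type is not db-cluster are skipped; a db-cluster subscription is
'ok' only when it is enabled and its category list contains both 'failure' and
'maintenance' (extra categories are fine, matching jsonb '@>' containment).
"""
import json
import sys

# Categories the control requires on a db-cluster subscription.
REQUIRED_CATEGORIES = {"failure", "maintenance"}


def evaluate_subscription(sub: dict) -> tuple[str, str]:
    """Return (status, reason) for one DescribeEventSubscriptions record."""
    sub_id = sub.get("CustSubscriptionId", "<unknown>")
    source_type = sub.get("SourceType")
    if source_type != "db-cluster":
        return "skip", f"{sub_id} event subscription of {source_type} type."
    enabled = bool(sub.get("Enabled", False))
    categories = set(sub.get("EventCategoriesList", []))
    # Superset test == the SQL's event_categories_list @> '["failure", "maintenance"]'
    if enabled and REQUIRED_CATEGORIES <= categories:
        return "ok", f"{sub_id} event subscription enabled for critical db cluster events."
    return "alarm", f"{sub_id} event subscription missing critical db cluster events."


def evaluate_all(response: dict) -> list[dict]:
    """Evaluate every record in a DescribeEventSubscriptions response."""
    results = []
    for sub in response.get("EventSubscriptionsList", []):
        status, reason = evaluate_subscription(sub)
        results.append({"resource": sub.get("EventSubscriptionArn"),
                        "status": status, "reason": reason})
    return results


def remediation_command(name: str, topic_arn: str) -> list[str]:
    """argv for the CLI equivalent of the console remediation (all clusters)."""
    return ["aws", "rds", "create-event-subscription",
            "--subscription-name", name,
            "--sns-topic-arn", topic_arn,
            "--source-type", "db-cluster",
            "--event-categories", "maintenance", "failure",
            "--enabled"]


# Constructed sample in the shape of `aws rds describe-event-subscriptions`.
SAMPLE_RESPONSE = {
    "EventSubscriptionsList": [
        {   # enabled cluster subscription with a superset of the required categories -> ok
            "CustSubscriptionId": "cluster-critical",
            "EventSubscriptionArn": "arn:aws:rds:us-east-1:111122223333:es:cluster-critical",
            "SourceType": "db-cluster", "Enabled": True,
            "EventCategoriesList": ["failure", "maintenance", "failover"],
        },
        {   # cluster subscription with the right categories but disabled -> alarm
            "CustSubscriptionId": "cluster-disabled",
            "EventSubscriptionArn": "arn:aws:rds:us-east-1:111122223333:es:cluster-disabled",
            "SourceType": "db-cluster", "Enabled": False,
            "EventCategoriesList": ["failure", "maintenance"],
        },
        {   # enabled cluster subscription missing 'failure' -> alarm
            "CustSubscriptionId": "cluster-partial",
            "EventSubscriptionArn": "arn:aws:rds:us-east-1:111122223333:es:cluster-partial",
            "SourceType": "db-cluster", "Enabled": True,
            "EventCategoriesList": ["maintenance"],
        },
        {   # instance subscription: out of scope for this control -> skip
            "CustSubscriptionId": "instance-only",
            "EventSubscriptionArn": "arn:aws:rds:us-east-1:111122223333:es:instance-only",
            "SourceType": "db-instance", "Enabled": True,
            "EventCategoriesList": ["failure", "maintenance"],
        },
    ]
}


def main() -> None:
    # Pipe a real `aws rds describe-event-subscriptions` response on stdin,
    # otherwise the constructed sample is evaluated.
    response = SAMPLE_RESPONSE if sys.stdin.isatty() else json.load(sys.stdin)
    for row in evaluate_all(response):
        print(f"{row['status']:5}  {row['reason']}")
    print(" ".join(remediation_command("rds-cluster-critical", "arn:aws:sns:REGION:ACCOUNT:TOPIC")))


if __name__ == "__main__":
    main()
```

Run it as `aws rds describe-event-subscriptions | python3 rds19_check.py` to evaluate the subscriptions in the current account and region; the ARN in the printed remediation command is a placeholder to replace with the SNS topic chosen in step 4b.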

Tags