🚀Launch Week 07, January 27th - 31st, 2025🚀
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-aws-compliance
Overview
32Dashboards
1295Benchmarks
585Queries
4Variables
GitHub

Control: RDS databases and clusters should not use a database engine default port

Description

This control checks whether the RDS cluster or instance uses a port other than the default port of the database engine.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.rds_db_instance_and_cluster_no_default_port

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.rds_db_instance_and_cluster_no_default_port --share

SQL

This control uses a named query:

(
select
  arn as resource,
  case
      when engine similar to '%(aurora|mysql|mariadb)%' and port = '3306' then 'alarm'
      when engine like '%postgres%' and port = '5432' then 'alarm'
      when engine like 'oracle%' and port = '1521' then 'alarm'
      when engine like 'sqlserver%' and port = '1433' then 'alarm'
    else 'ok'
  end as status,
  case
      when engine similar to '%(aurora|mysql|mariadb)%' and port = '3306' then  title || ' ' ||  engine || ' uses a default port.'
      when engine like '%postgres%' and port = '5432' then  title || ' ' ||  engine || ' uses a default port.'
      when engine like 'oracle%' and port = '1521' then  title || ' ' ||  engine || ' uses a default port.'
      when engine like 'sqlserver%' and port = '1433' then  title || ' ' ||  engine || ' uses a default port.'
    else title || ' doesnt use a default port.'
  end as reason
  
  , region, account_id
from
  aws_rds_db_cluster
)
union
(
select
  arn as resource,
  case
      when engine similar to '%(aurora|mysql|mariadb)%' and port = '3306' then 'alarm'
      when engine like '%postgres%' and port = '5432' then 'alarm'
      when engine like 'oracle%' and port = '1521' then 'alarm'
      when engine like 'sqlserver%' and port = '1433' then 'alarm'
    else 'ok'
  end as status,
  case
      when engine similar to '%(aurora|mysql|mariadb)%' and port = '3306' then  title || ' ' ||  engine || ' uses a default port.'
      when engine like '%postgres%' and port = '5432' then  title || ' ' ||  engine || ' uses a default port.'
      when engine like 'oracle%' and port = '1521' then  title || ' ' ||  engine || ' uses a default port.'
      when engine like 'sqlserver%' and port = '1433' then  title || ' ' ||  engine || ' uses a default port.'
    else title || ' doesnt use a default port.'
  end as reason
  
  , region, account_id
from
  aws_rds_db_instance
);

Tags

category = Compliance
plugin = aws
service = AWS/RDS