turbot/steampipe-mod-aws-compliance

Control: RDS DB proxy should require TLS for all connections

Description

This control checks whether an Amazon RDS DB proxy requires TLS for all connections between the proxy and the underlying RDS DB instance. The control fails if the proxy doesn't require TLS for all connections between the proxy and the RDS DB instance.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.rds_db_proxy_tls_encryption_enabled

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.rds_db_proxy_tls_encryption_enabled --share

SQL

This control uses a named query:

select
  db_proxy_arn as resource,
  case
    when require_tls then 'ok'
    else 'alarm'
  end as status,
  case
    when require_tls then title || ' requires TLS for all connections.'
    else title || ' does not require TLS for all connections.'
  end as reason,
  region,
  account_id
from
  aws_rds_db_proxy;
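
Where the check has to run against raw AWS CLI output rather than through Steampipe, the added example below (not part of the mod) applies the same pass/fail logic to a constructed `aws rds describe-db-proxies` response and builds an `aws rds modify-db-proxy --require-tls` command for each failing proxy. The sample proxies and ARNs and the `evaluate` function are constructed for illustration, and using the proxy name in place of `title` is an assumption.

```python
import json
import shlex

# Constructed sample shaped like `aws rds describe-db-proxies` output.
SAMPLE = json.dumps({
    "DBProxies": [
        {"DBProxyName": "orders-proxy",
         "DBProxyArn": "arn:aws:rds:us-east-1:111122223333:db-proxy:prx-0aaa",
         "EngineFamily": "POSTGRESQL", "RequireTLS": True},
        {"DBProxyName": "legacy-proxy",
         "DBProxyArn": "arn:aws:rds:eu-west-1:111122223333:db-proxy:prx-0bbb",
         "EngineFamily": "MYSQL", "RequireTLS": False},
        # RequireTLS absent: treated as not enforced, never as a pass.
        {"DBProxyName": "batch-proxy",
         "DBProxyArn": "arn:aws:rds:eu-west-1:111122223333:db-proxy:prx-0ccc",
         "EngineFamily": "MYSQL"},
    ]
})


def evaluate(describe_output: str) -> list[dict]:
    """Return one row per proxy with the columns the named query produces."""
    rows = []
    for proxy in json.loads(describe_output).get("DBProxies", []):
        arn = proxy["DBProxyArn"]
        # ARN layout: arn:partition:rds:region:account-id:db-proxy:id
        _, _, _, region, account_id = arn.split(":")[:5]
        name = proxy["DBProxyName"]  # assumed stand-in for the query's `title`
        ok = proxy.get("RequireTLS") is True
        rows.append({
            "resource": arn,
            "status": "ok" if ok else "alarm",
            "reason": f"{name} requires TLS for all connections." if ok
                      else f"{name} does not require TLS for all connections.",
            "region": region,
            "account_id": account_id,
            # Fix command for failing proxies only; values are shell-quoted.
            "fix": None if ok else (
                f"aws rds modify-db-proxy --region {shlex.quote(region)} "
                f"--db-proxy-name {shlex.quote(name)} --require-tls"),
        })
    return rows


if __name__ == "__main__":
    for row in evaluate(SAMPLE):
        print(row["status"], row["resource"], row["fix"] or "")
```

Clients that connect without TLS will be rejected once the setting is applied, so review the proxy's clients before running the generated command.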

Tags