Control: RDS databases and clusters should not use a database engine default port
Description
This control checks whether the RDS cluster or instance uses a port other than the default port of the database engine.
Usage
Run the control in your terminal:
powerpipe control run terraform_aws_compliance.control.rds_db_instance_and_cluster_no_default_portSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run terraform_aws_compliance.control.rds_db_instance_and_cluster_no_default_port --shareSQL
This control uses a named query:
( select address as resource, case when (attributes_std -> 'engine') is null and (attributes_std -> 'port') is null then 'alarm' when (attributes_std ->> 'engine') similar to '%(aurora|mysql|mariadb)%' and ((attributes_std ->> 'port')::int = 3306 or (attributes_std -> 'port') is null) then 'alarm' when (attributes_std ->> 'engine') like '%postgres%' and ((attributes_std ->> 'port')::int = 5432 or (attributes_std -> 'port') is null) then 'alarm' when (attributes_std ->> 'engine') like 'oracle%' and ((attributes_std ->> 'port')::int = 1521 or (attributes_std -> 'port') is null) then 'alarm' when (attributes_std ->> 'engine') like 'sqlserver%' and ((attributes_std ->> 'port')::int = 1433 or (attributes_std -> 'port') is null) then 'alarm' else 'ok' end status, split_part(address, '.', 2) || case when (attributes_std -> 'engine') is null and (attributes_std -> 'port') is null then ' uses a default port' when (attributes_std ->> 'engine') similar to '%(aurora|mysql|mariadb)%' and ((attributes_std ->> 'port')::int = 3306 or (attributes_std -> 'port') is null) then ' uses a default port' when (attributes_std ->> 'engine') like '%postgres%' and ((attributes_std ->> 'port')::int = 5432 or (attributes_std -> 'port') is null) then ' uses a default port' when (attributes_std ->> 'engine') like 'oracle%' and ((attributes_std ->> 'port')::int = 1521 or (attributes_std -> 'port') is null) then ' uses a default port' when (attributes_std ->> 'engine') like 'sqlserver%' and ((attributes_std ->> 'port')::int = 1433 or (attributes_std -> 'port') is null) then ' uses a default port' else ' does not use a default port' end || '.' reason , path || ':' || start_line from terraform_resource where type = 'aws_rds_cluster')union( select address as resource, case when (attributes_std ->> 'engine') similar to '%(aurora|mysql|mariadb)%' and ((attributes_std ->> 'port')::int = 3306 or (attributes_std -> 'port') is null) then 'alarm' when (attributes_std ->> 'engine') like '%postgres%' and ((attributes_std ->> 'port')::int = 5432 or (attributes_std -> 'port') is null) then 'alarm' when (attributes_std ->> 'engine') like 'oracle%' and ((attributes_std ->> 'port')::int = 1521 or (attributes_std -> 'port') is null) then 'alarm' when (attributes_std ->> 'engine') like 'sqlserver%' and ((attributes_std ->> 'port')::int = 1433 or (attributes_std -> 'port') is null) then 'alarm' else 'ok' end status, split_part(address, '.', 2) || case when (attributes_std ->> 'engine') similar to '%(aurora|mysql|mariadb)%' and ((attributes_std ->> 'port')::int = 3306 or (attributes_std -> 'port') is null) then ' uses a default port' when (attributes_std ->> 'engine') like '%postgres%' and ((attributes_std ->> 'port')::int = 5432 or (attributes_std -> 'port') is null) then ' uses a default port' when (attributes_std ->> 'engine') like 'oracle%' and ((attributes_std ->> 'port')::int = 1521 or (attributes_std -> 'port') is null) then ' uses a default port' when (attributes_std ->> 'engine') like 'sqlserver%' and ((attributes_std ->> 'port')::int = 1433 or (attributes_std -> 'port') is null) then ' uses a default port' else ' does not use a default port' end || '.' reason , path || ':' || start_line from terraform_resource where type = 'aws_db_instance');