RDS instance does not have FedRAMP approved database engine Affecting RDS service in AWS

Severity Framework Snyk CCSS

Rule category Data / Audit

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

NIST-800-53

Snyk ID SNYK-CC-00135
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

FedRAMP-approved database engines such as MySQL and PostgresQL satisfy strict U.S. government requirements for securing sensitive data. An RDS instance should use an approved database engine.

How to fix?

Set the aws_db_instance engine field to a FedRAMP approved database engine.

Example Configuration

See FedRAMP approved database engines.

resource "aws_db_instance" "instance-engine-test" {
    engine               = "mysql"
    # other required fields here
}

Terraform

Resource: aws_db_instance