DocumentDB parameter group TLS configuration not enabled
Affecting DocumentDB service in AWS


Severity high
Severity Framework Snyk CCSS
Rule category Data / Encryption in Transit

  • Snyk ID SNYK-CC-00758
  • Credit Snyk Research Team

Description

Disabling TLS for DocumentDB compromises the security of data by making it susceptible to interception and man-in-the-middle (MITM) attacks. Enabling TLS ensures that data is encrypted in transit and mitigates the risk of data exposure.

How to fix?

Set the parameter.name attribute to tls and parameter.value attribute to enabled in the aws_docdb_cluster_parameter_group resource.

Example Configuration

resource "aws_docdb_cluster_parameter_group" "allow" {
  family      = "docdb5.0"
  name        = "tls-enabled-parameter"
  description = "docdb cluster parameter group"

  parameter {
    name  = "tls"
    value = "enabled"
  }
}
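
A pre-deployment check for this setting, added here as an example and not Snyk's own code: it walks the JSON produced by `terraform show -json` and reports every aws_docdb_cluster_parameter_group whose tls parameter is not "enabled". The sample plan and its resource names are constructed, and reporting a group that has no tls parameter at all is an assumption of this example.

```python
import json
import sys

# Constructed sample shaped like `terraform show -json <planfile>` output.
PG = "aws_docdb_cluster_parameter_group"
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": f"{PG}.allow", "type": PG,
         "values": {"parameter": [{"name": "tls", "value": "enabled"}]}},
        {"address": f"{PG}.legacy", "type": PG,
         "values": {"parameter": [{"name": "tls", "value": "disabled"}]}},
    ],
    "child_modules": [{"address": "module.db", "resources": [
        {"address": f"module.db.{PG}.defaults", "type": PG,
         "values": {"parameter": []}},
    ]}],
}}}

def iter_resources(module):
    """Yield resources from a module and all nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def docdb_tls_findings(plan):
    """Return (address, reason) for each group lacking tls = "enabled"."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != PG:
            continue
        params = (res.get("values") or {}).get("parameter") or []
        tls = [p.get("value") for p in params if p.get("name") == "tls"]
        bad = [v for v in tls if str(v).lower() != "enabled"]
        if not tls:
            # Assumption of this example: an unset tls parameter is reported.
            findings.append((res["address"], "tls parameter not set"))
        elif bad:
            findings.append((res["address"], f"tls = {bad[0]!r}"))
    return findings

if __name__ == "__main__":
    # Pass a plan JSON path as the first argument, or run on the sample.
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    results = docdb_tls_findings(plan)
    for address, reason in results:
        print(f"FAIL {address}: {reason}")
    sys.exit(1 if results else 0)
```

The non-zero exit status lets the script gate a CI job between `terraform plan` and `terraform apply`.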