DocumentDB parameter group TLS configuration not enabled Affecting DocumentDB service in AWS
CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Each rule is associated with a high-level category. For example IAM, Container, Monitoring, Logging, Network, etc.
Is your environment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-CC-00758
- creditSnyk Research Team
Description
Disabling TLS for DocumentDB compromises the security of data by making it susceptible to interception and man-in-the-middle (MITM) attacks. Enabling TLS ensures that data is encrypted in transit and mitigates the risk of data exposure.
How to fix?
Set the parameter.name attribute to tls and parameter.value attribute to enabled in the aws_docdb_cluster_parameter_group resource.
Example configuration:
resource "aws_docdb_cluster_parameter_group" "allow" {
family = "docdb5.0"
name = "tls-enabled-parameter"
description = "docdb cluster parameter group"
parameter {
name = "tls"
value = "enabled"
}
}