DocumentDB parameter group TLS configuration not enabled Affecting DocumentDB service in AWS
Severity Framework
CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Snyk CCSS
Rule category
Each rule is associated with a high-level category. For example IAM, Container, Monitoring, Logging, Network, etc.
Data/ Encryption in Transit
Is your environment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsFrameworks
- Snyk IDSNYK-CC-00758
- creditSnyk Research Team
Description
Disabling TLS for DocumentDB compromises the security of data by making it susceptible to interception and man-in-the-middle (MITM) attacks. Enabling TLS ensures that data is encrypted in transit and mitigates the risk of data exposure.
How to fix?
Set the parameter.name attribute to tls and parameter.value attribute to enabled in the aws_docdb_cluster_parameter_group resource.
Example Configuration
resource "aws_docdb_cluster_parameter_group" "allow" {
family = "docdb5.0"
name = "tls-enabled-parameter"
description = "docdb cluster parameter group"
parameter {
name = "tls"
value = "enabled"
}
}