Alibaba Cloud RDS instance does not use SSL

Description

This policy ensures that RDS instances in Alibaba Cloud use SSL to protect data in transit. Using SSL for database connections helps to encrypt data and prevent unauthorized interception or tampering of data.

Failing to enable SSL for RDS instances can result in sensitive data being transmitted in plaintext, making it vulnerable to interception and attacks.

Code Example

resource "alicloud_db_instance" "example" {
  ...
+  ssl_action = "Open"
}

Remediation

Terraform

Resource: alicloud_db_instance
Attribute: ssl_action

To mitigate this issue, ensure that the `ssl_action` attribute in the `alicloud_db_instance` resource is set to "Open" or "Update".

Example:

Rule Details

Field	Value
ID	IAC-0020
Severity	LOW
IaC Type	Terraform
Frameworks	Terraform
Checkov ID	CKV_ALI_20

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Alibaba Cloud RDS instance does not use SSL

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

Alibaba Cloud RDS instance does not use SSL ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

Alibaba Cloud RDS instance does not use SSL

Description

Code Example

Remediation

Rule Details

References