AWS RDS does not use a modern CaCert
Description
By ensuring that your AWS RDS uses a modern CA certificate, you can help ensure that the certificate used to secure connections to your database is up to date and free of known vulnerabilities. This can help protect your database from potential attacks and improve the overall security of your system.
Code Example
go
resource "aws_db_instance" "pass" {
allocated_storage = 20
storage_type = "gp2"
engine = "mysql"
engine_version = "5.7"
instance_class = "db.t2.micro"
name = "mydb"
username = "foo"
password = "foobarbaz"
iam_database_authentication_enabled = true
storage_encrypted = true
ca_cert_identifier = "rds-ca-2019"
}Remediation
Terraform
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0259 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_AWS_211 |