fluidasserts.cloud.aws.rds module

AWS cloud checks (RDS).

fluidasserts.cloud.aws.rds.has_encryption_disabled(key_id, secret, retry=True)

Check if the instances have StorageEncrypted disabled.

Parameters
  • key_id (str) – AWS Key Id.

  • secret (str) – AWS Key Secret.

Returns

  • OPEN if there are instances with StorageEncrypted disabled.

  • UNKNOWN on errors.

  • CLOSED otherwise.

Return type

fluidasserts.Result

fluidasserts.cloud.aws.rds.has_not_deletion_protection(key_id, secret, retry=True)

Check if the database instances are not protected against deletion.

Parameters
  • key_id (str) – AWS Key Id.

  • secret (str) – AWS Key Secret.

Returns

  • OPEN if there are instances not protected against deletion.

  • UNKNOWN on errors.

  • CLOSED otherwise.

Return type

fluidasserts.Result

fluidasserts.cloud.aws.rds.has_public_instances(key_id, secret, retry=True)

Check if RDS DB instances are publicly accessible.

Parameters
  • key_id (str) – AWS Key Id

  • secret (str) – AWS Key Secret

Return type

tuple

fluidasserts.cloud.aws.rds.has_public_snapshots(key_id, secret, retry=True)

Check for snapshots that allow public access.

Parameters
  • key_id (str) – AWS Key Id.

  • secret (str) – AWS Key Secret.

Returns

  • OPEN if there are snapshots that allow public access.

  • UNKNOWN on errors.

  • CLOSED otherwise.

Return type

fluidasserts.Result

fluidasserts.cloud.aws.rds.is_cluster_not_inside_a_db_subnet_group(key_id, secret, retry=True)

Check if Database clusters are inside a DB Subnet Group.

Parameters
  • key_id (str) – AWS Key Id

  • secret (str) – AWS Key Secret

Return type

tuple

fluidasserts.cloud.aws.rds.is_instance_not_inside_a_db_subnet_group(key_id, secret, retry=True)

Check if Database Instances are inside a DB Subnet Group.

Parameters
  • key_id (str) – AWS Key Id

  • secret (str) – AWS Key Secret

Return type

tuple

fluidasserts.cloud.aws.rds.not_uses_iam_authentication(key_id, secret, retry=True)

Check if the DB instances are not using IAM database authentication.

Parameters
  • key_id (str) – AWS Key Id.

  • secret (str) – AWS Key Secret.

Returns

  • OPEN if there are instances that do not use IAM database authentication.

  • UNKNOWN on errors.

  • CLOSED otherwise.

Return type

fluidasserts.Result

fluidasserts.cloud.aws.rds.unrestricted_db_security_groups(key_id, secret, retry=True)

Check if the database security groups allow unrestricted access.

AWS RDS DB security groups should not allow access from 0.0.0.0/0.

Parameters
  • key_id (str) – AWS Key Id.

  • secret (str) – AWS Key Secret.

Returns

  • OPEN if there are DB security groups that allow unrestricted access.

  • UNKNOWN on errors.

  • CLOSED otherwise.

Return type

fluidasserts.Result
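
The OPEN / UNKNOWN / CLOSED convention used by the instance-level checks above can be modelled offline as follows. This is an added example, not fluidasserts code: the mapping of each check name to a field of the boto3 `describe_db_instances()` response is an assumption, and `evaluate`, `CHECKS` and the sample instances are constructed for illustration.

```python
# Added example: models the OPEN/UNKNOWN/CLOSED result convention over
# DBInstance dicts shaped like boto3 rds.describe_db_instances()["DBInstances"].
# The check-to-field mapping is an assumption, not the library's own code.
OPEN, CLOSED, UNKNOWN = "OPEN", "CLOSED", "UNKNOWN"

# check name (as on this page) -> predicate that is True for a vulnerable instance
CHECKS = {
    "has_encryption_disabled": lambda i: not i["StorageEncrypted"],
    "has_not_deletion_protection": lambda i: not i["DeletionProtection"],
    "has_public_instances": lambda i: i["PubliclyAccessible"],
    "not_uses_iam_authentication":
        lambda i: not i["IAMDatabaseAuthenticationEnabled"],
    "is_instance_not_inside_a_db_subnet_group":
        lambda i: not i.get("DBSubnetGroup"),
}


def evaluate(instances):
    """Return {check: (status, [offending DBInstanceIdentifier, ...])}."""
    results = {}
    for name, is_vulnerable in CHECKS.items():
        try:
            hits = [i["DBInstanceIdentifier"]
                    for i in instances if is_vulnerable(i)]
        except (KeyError, TypeError):
            # Missing field, or no data at all (instances is None after a
            # failed API call): never report CLOSED for unevaluated data.
            results[name] = (UNKNOWN, [])
            continue
        results[name] = (OPEN if hits else CLOSED, hits)
    return results


# Constructed sample data: one hardened instance, one misconfigured one.
SAMPLE_INSTANCES = [
    {"DBInstanceIdentifier": "orders-db", "StorageEncrypted": True,
     "DeletionProtection": True, "PubliclyAccessible": False,
     "IAMDatabaseAuthenticationEnabled": True,
     "DBSubnetGroup": {"DBSubnetGroupName": "private-subnets"}},
    {"DBInstanceIdentifier": "legacy-reports", "StorageEncrypted": False,
     "DeletionProtection": False, "PubliclyAccessible": True,
     "IAMDatabaseAuthenticationEnabled": False},
]

if __name__ == "__main__":
    for check, (status, ids) in evaluate(SAMPLE_INSTANCES).items():
        print(f"{check}: {status} {ids}")
```

Treating missing data as UNKNOWN rather than CLOSED keeps a failed or partial API response from being read as a passing result.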