- AWS Audit
- RDS Audit
Checks performed
- RDS Database Snapshots Should Not Be Public
- Cluster Deletion Protection Should Be Enabled
- Log Exports Should Be Enabled
- Serverless Log Exports Should Be Enabled
- Instance Deletion Protection Should Be Enabled
- Automated Backups Should Be Enabled
- RDS Database Instances Should Not Use Default Ports
- RDS Instance Should Be of Desired Type
- RDS Instances Should Have Encryption Enabled
- RDS Databases Should Have Free Storage Space
- RDS Instance Count Should Not Exceed Limit
- Master Username Should Be Unique
- RDS Instances Should Not Be Publicly Accessible
- Backup Retention Duration Should Be Present
- RDS Instances Should Not Allow Unrestricted In/Outbound Access
- Accessibility Should Be Well-defined in Aurora Clusters
- Backtrack Feature Should Be Enabled
- RDS Instances Should Use Latest Generation of Instance Classes
- Transport Encryption Feature Should Be Enabled
- Snapshot Encryption Feature Should Be Enabled
- IAM DB Authentication Should Be Enabled
- RDS Instances Should Not Be Idle
- Event Notification Subscriptions Should Be Enabled
- RDS Instances Should Not Be Overutilized
- Performance Insights Feature Should Be Enabled
- Auto Minor Version Upgrade Flag Should Be Enabled
- RDS Instances Should Make Use of Copy Tags
- Use Customer-Managed Keys instead of AWS-managed Keys
- Event Notifications Should Be Enabled
- General Purpose SSDs Should Be Used Instead of IOPS SSDs
- RDS DB Instances Should Not Be Provisioned in VPC Public Subnets
- Multi-AZ Deployment Should Be Used
- Renew RDS Reserved Instances Before Expiration (30 days)
- Renew RDS Reserved Instances Before Expiration (7 days)
- RDS Reserved Instances Should Not Have Status - Payment Failed
- RDS Reserved Instances Should Not Have Status - Payment Pending
- RDS Reserved Instances Purchases Should Be Reviewed Every 7 Days
- Security Groups Events Subscriptions Should Be Enabled
- RDS Instances Should Not Be Underutilized
- RDS RIs Should Have Corresponding DB Instances
- Amazon Backup Should Be Integrated with Amazon RDS