AWS RDS

The AWS RDS Analyzer provides insights into the security, compliance, and operational health of RDS clusters. It identifies misconfigurations such as unencrypted storage, missing SSL enforcement, and absent IAM authentication.

Required Blueprints: AWS



Sightlines

Sightline: RDS Security
Description: Surfaces security configurations and misconfigurations for RDS database instances, focusing on encryption, authentica...

Explorer Node Types

Use these node types in Explorer or KAI to query resources surfaced by this analyzer:

aws.rds.DBInstance, aws.rds.DBCluster, aws.rds.DBSnapshot


  • AWS IAM — Database authentication and IAM access control
  • AWS Network — Database instances in VPC/subnets with security groups
  • Database — Cross-provider database analysis including schema and user access

Insight Feed Alerts

RDS Database instances with storage encryption disabled

Identifies database instances lacking storage encryption, posing a risk of non-compliance with data protection standards.

RDS Database instances without SSL/TLS enforced

Flags instances where SSL/TLS is not enforced, risking unencrypted data transmission.

RDS Database instances without IAM Authentication

Points to instances without IAM authentication enabled, reducing access control efficiency.

Unencrypted RDS instance snapshots

Detects RDS snapshots that are not encrypted, exposing backups to unauthorized access.
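
The four alerts above correspond to fields that the RDS API returns for instances, parameter groups and snapshots. The following is an added example, not the analyzer's own logic, that evaluates those fields offline over constructed sample records. The TLS parameter names per engine and the sample identifiers are assumptions of this sketch, and engines outside the map are not assessed for TLS.

```python
# Added example: offline check over constructed, describe-style RDS records.
# Field names follow DescribeDBInstances / DescribeDBParameters / DescribeDBSnapshots.

# Assumption: parameter that forces TLS for each engine covered here.
TLS_PARAM = {"postgres": "rds.force_ssl",
             "mysql": "require_secure_transport",
             "mariadb": "require_secure_transport"}
TLS_ON = {"1", "on"}

def tls_enforced(instance, params_by_group):
    """True/False if TLS enforcement can be decided, None if engine is not covered."""
    name = TLS_PARAM.get(instance["Engine"])
    if name is None:
        return None
    for group in instance.get("DBParameterGroups", []):
        params = params_by_group.get(group["DBParameterGroupName"], {})
        if str(params.get(name, "")).lower() in TLS_ON:
            return True
    return False

def audit(instances, params_by_group, snapshots):
    """Return (resource, issue) pairs for the four alert conditions."""
    findings = []
    for inst in instances:
        ident = inst["DBInstanceIdentifier"]
        if not inst.get("StorageEncrypted", False):
            findings.append((ident, "storage encryption disabled"))
        if tls_enforced(inst, params_by_group) is False:
            findings.append((ident, "SSL/TLS not enforced"))
        if not inst.get("IAMDatabaseAuthenticationEnabled", False):
            findings.append((ident, "IAM authentication disabled"))
    for snap in snapshots:
        if not snap.get("Encrypted", False):
            findings.append((snap["DBSnapshotIdentifier"], "snapshot unencrypted"))
    return findings

# Constructed sample data (not real resources).
INSTANCES = [
    {"DBInstanceIdentifier": "orders-db", "Engine": "postgres",
     "StorageEncrypted": True, "IAMDatabaseAuthenticationEnabled": True,
     "DBParameterGroups": [{"DBParameterGroupName": "pg-strict"}]},
    {"DBInstanceIdentifier": "legacy-db", "Engine": "mysql",
     "StorageEncrypted": False, "IAMDatabaseAuthenticationEnabled": False,
     "DBParameterGroups": [{"DBParameterGroupName": "mysql-legacy"}]},
]
PARAMS = {"pg-strict": {"rds.force_ssl": "1"},
          "mysql-legacy": {"require_secure_transport": "0"}}
SNAPSHOTS = [{"DBSnapshotIdentifier": "legacy-db-snap", "Encrypted": False},
             {"DBSnapshotIdentifier": "orders-db-nightly", "Encrypted": True}]

if __name__ == "__main__":
    for resource, issue in audit(INSTANCES, PARAMS, SNAPSHOTS):
        print(f"{resource}: {issue}")
```

Against a live account, the same dictionaries can be filled from the corresponding describe calls; the TLS setting lives in the parameter group, not on the instance record itself.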