mirror of
https://github.com/ghndrx/prowler.git
synced 2026-02-10 23:05:05 +00:00
24 lines
1.1 KiB
Plaintext
24 lines
1.1 KiB
Plaintext
CHECK_ID_extra78="7.8,7.08"
|
|
CHECK_TITLE_extra78="[extra78] Ensure there are no Public Accessible RDS instances (Not Scored) (Not part of CIS benchmark)"
|
|
CHECK_SCORED_extra78="NOT_SCORED"
|
|
CHECK_ALTERNATE_extra708="extra78"
|
|
CHECK_ALTERNATE_check78="extra78"
|
|
CHECK_ALTERNATE_check708="extra78"
|
|
|
|
extra78(){
|
|
# "Ensure there are no Public Accessible RDS instances (Not Scored) (Not part of CIS benchmark)"
|
|
textInfo "Looking for RDS instances in all regions... "
|
|
for regx in $REGIONS; do
|
|
LIST_OF_RDS_PUBLIC_INSTANCES=$($AWSCLI rds describe-db-instances $PROFILE_OPT --region $regx --query 'DBInstances[?PubliclyAccessible==`true`].[DBInstanceIdentifier,Endpoint.Address]' --output text)
|
|
if [[ $LIST_OF_RDS_PUBLIC_INSTANCES ]];then
|
|
while read -r rds_instance;do
|
|
RDS_NAME=$(echo $rds_instance | awk '{ print $1; }')
|
|
RDS_DNSNAME=$(echo $rds_instance | awk '{ print $2; }')
|
|
textFail "$regx: RDS instance: $RDS_NAME at $RDS_DNSNAME is set as Publicly Accessible!" "$regx"
|
|
done <<< "$LIST_OF_RDS_PUBLIC_INSTANCES"
|
|
else
|
|
textPass "$regx: no Publicly Accessible RDS instances found" "$regx"
|
|
fi
|
|
done
|
|
}
|