Configuration template to launch an Aurora cluster with MySQL compatibility with one or more instances. The template also includes a new DB subnet group to specify the subnets for the cluster instances to be created as well as a new AWS Secrets Manager secret to store the password

Configuration template to launch an Aurora cluster with PostgreSQL compatibility with one or more instances. The template also includes a new DB subnet group to specify the subnets for the cluster instances to be created as well as a new AWS Secrets Manager secret to store the password

Configuration template to launch an RDS instance running MySQL. The template also includes a new DB subnet group to specify the subnets for the cluster instances to be created as well as a new AWS Secrets Manager secret to store the password

Configuration template to launch an RDS instance running PostgreSQL. The template also includes a new DB subnet group to specify the subnets for the cluster instances to be created as well as a new AWS Secrets Manager secret to store the password

Configuration template to launch an RDS instance running MariaDB. The template also includes a new DB subnet group to specify the subnets for the cluster instances to be created as well as a new AWS Secrets Manager secret to store the password

Configuration template to launch an RDS instance running Microsoft SQL Server Standard (Enterprise, Web and Express are also supported). The template also includes a new DB subnet group to specify the subnets for the cluster instances to be created as well as a new AWS Secrets Manager secret to store the password

Create an RDS DB subnet group which is a collection of VPC subnets that are designated for database instances

Configuration to create AWS Backup plans and vaults. AWS Backup automates the process of backing up of data across AWS services including EFS, DynamoDB, EC2, EBS, Aurora, RDS, and Storage Gateway, as well as setting custom retention policies, access policies, and encryption

Custom RDS Event Subscription template to allow users to configure notifications for RDS Events (provided through an SNS topic)

RDS Event Subscriptions allow users to configure notifications for RDS Events (provided through an SNS topic). This template configures an event subscription for failure events for RDS Instances.

RDS Event Subscriptions allow users to configure notifications for RDS Events (provided through an SNS topic). This template configures an event subscription for failure, low storage, and availability event categories for RDS Instances.

RDS Event Subscriptions allow users to configure notifications for RDS Events (provided through an SNS topic). This template configures an event subscription for backup events for RDS Instances.

RDS Event Subscriptions allow users to configure notifications for RDS Events (provided through an SNS topic). This template configures an event subscription for RDS Snapshot events

RDS Event Subscriptions allow users to configure notifications for RDS Events (provided through an SNS topic). This template configures an event subscription for RDS Cluster Snapshot events

RDS Event Subscriptions allow users to configure notifications for RDS Events (provided through an SNS topic). This template configures an event subscription for RDS Parameter Group configuration changes events

RDS Event Subscriptions allow users to configure notifications for RDS Events (provided through an SNS topic). This template configures an event subscription for RDS Security Group configuration changes events

A policy that allows restoring RDS databases. This policy also provides the permissions necessary to complete this action programmatically and in the console.

A policy that allows tag owners full access to RDS resources that they have tagged (Tag key: Owner, Tag Value: <IAM username>). This policy provides the permissions necessary to complete this action using the AWS API or AWS CLI only.

An IAM policy that allows users to only launch RDS instances of a specific instance type and database engine (Default: t2.micro and mysql).

An IAM policy that grants permissions to allow a user to only create a DB instance that must use specific DB parameter group and DB security group.

An IAM policy that prevents a user from deleting a specific DB instance.

Checks whether storage encryption is enabled for your RDS DB instances.

Checks whether high availability is enabled for your RDS DB instances. (Note: This rule does not evaluate Amazon Aurora databases.)

Check that no RDS Instances are in Public Subnet.

A config rule that checks whether enhanced monitoring is enabled for Amazon Relational Database Service (Amazon RDS) instances

A Config rule that checks if Amazon Relational Database Service (Amazon RDS) snapshots are public. The rule is non-compliant if any existing and new Amazon RDS snapshots are public.

A config rule that checks whether RDS DB instances have backups enabled. Optionally, the rule checks the backup retention period and the backup window.

A config rule that checks whether the Amazon Relational Database Service instances are not publicaly accessible. The rule is NON_COMPLIANT if the publiclyAccessible field is true in the instance configuration item.

A config rule that checks whether Amazon Relational Database Service (Amazon RDS) DB snapshots are encrypted. The rule is NON_COMPLIANT, if Amazon RDS DB snapshots are not encrypted.

A config rule that checks if an Amazon Relational Database Service (Amazon RDS) cluster has deletion protection enabled. This rule is NON_COMPLIANT if an RDS cluster does not have deletion protection enabled.

A config rule that checks if an Amazon Relational Database Service (Amazon RDS) instance has deletion protection enabled. This rule is NON_COMPLIANT if an Amazon RDS instance does not have deletion protection enabled i.e deletionProtection is set to false.

A config rule that checks if an Amazon Relational Database Service (Amazon RDS) instance has AWS Identity and Access Management (IAM) authentication enabled. This rule is NON_COMPLIANT if an Amazon RDS instance does not have AWS IAM authentication enabled i.e configuration.iAMDatabaseAuthenticationEnabled is set to false.

A config rule that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled. The rule is NON_COMPLIANT if any log types are not enabled.

A Config rule that checks whether Amazon RDS database is present in back plans of AWS Backup. The rule is NON_COMPLIANT if Amazon RDS databases are not included in any AWS Backup plan.

A Config rule that checks if there are any Amazon Relational Database Service (RDS) DB security groups that are not the default DB security group. The rule is NON_COMPLIANT is there are any DB security groups that are not the default DB security group.

A Config rule that checks if an Amazon Relational Database Service (Amazon RDS) database has changed the admin username from its default value. This rule will only run on RDS database instances. The rule is NON_COMPLIANT if the admin username is set to the default value.

A Config rule that checks if an Amazon Relational Database Service (Amazon RDS) database has changed the admin username from its default value. This rule will only run on RDS database instances. The rule is NON_COMPLIANT if the admin username is set to the default value.

A Config rule that checks if an Amazon Aurora MySQL cluster has backtracking enabled. This rule is NON_COMPLIANT if the Aurora cluster uses MySQL and it does not have backtracking enabled.

A Config rule that checks if Amazon Relational Database Service (RDS) database instances are configured for automatic minor version upgrades. The rule is NON_COMPLIANT if the value of autoMinorVersionUpgrade is false.

A Config rule that checks if an Amazon RDS Cluster has AWS Identity and Access Management (IAM) authentication enabled. The rule is NON_COMPLIANT if an RDS Cluster does not have IAM authentication enabled.

A security group that allows inbound access to a Maria DB instance.

A security group that allows inbound access to a Microsoft SQL server instance.

A security group that allows inbound access to a MySQL server instance.

A security group that allows inbound access to an Oracle server instance.

A security group that allows inbound access to an PostgreSQL server instance.