Secure AWS Database Migration Service endpoints High

Overly permissive access is granted by the AWS route table with VPC peering to all traffic. Make sure that AWS Database Migration Service endpoints have SSL configured.

Detector ID
terraform/secure-dms-endpoints-terraform@v1.0
Category
Common Weakness Enumeration (CWE)

Noncompliant example

data "aws_iam_policy_document" "task_policy" {
  version = "2012-10-17"

  statement {
    effect = "Allow"
    # Noncompliant: the IAM policy document uses "*" as the statement's action,
    # granting every API action on the listed resources.
    actions = [
      "*"
    ]
    resources = [
      "arn:aws:s3:::my_corporate_bucket/*",
    ]
  }
}

Compliant example

data "aws_iam_policy_document" "task_policy" {
  version = "2012-10-17"

  statement {
    effect = "Allow"
    # Compliant: the IAM policy document scopes the statement to a specific service's actions.
    actions = ["s3:*"]
    resources = [
      "arn:aws:s3:::my_corporate_bucket/*",
    ]
  }
}
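The description above asks that AWS Database Migration Service endpoints have SSL configured. The following added example (not part of the original detector page) shows an aws_dms_endpoint with the weak setting next to the corrected one; the resource names, host names and the secrets reference are constructed placeholders.

```hcl
# Noncompliant: ssl_mode = "none" makes DMS talk to the database in cleartext,
# so credentials and replicated rows are exposed on the network path.
resource "aws_dms_endpoint" "source_plaintext" {
  endpoint_id   = "example-source-plaintext" # constructed placeholder
  endpoint_type = "source"
  engine_name   = "postgres"
  server_name   = "db.example.internal"      # constructed placeholder
  port          = 5432
  database_name = "appdb"
  username      = "dms_user"
  password      = var.dms_password           # assumed to come from a secret store
  ssl_mode      = "none"
}

# Compliant: require TLS and verify the server certificate chain and host name.
# "require" alone encrypts but does not authenticate the server; prefer
# "verify-full" (or "verify-ca") with the CA registered as a DMS certificate.
resource "aws_dms_certificate" "db_ca" {
  certificate_id  = "example-db-ca"          # constructed placeholder
  certificate_pem = file("${path.module}/db-ca.pem")
}

resource "aws_dms_endpoint" "source_tls" {
  endpoint_id     = "example-source-tls"     # constructed placeholder
  endpoint_type   = "source"
  engine_name     = "postgres"
  server_name     = "db.example.internal"    # constructed placeholder
  port            = 5432
  database_name   = "appdb"
  username        = "dms_user"
  password        = var.dms_password         # assumed to come from a secret store
  ssl_mode        = "verify-full"
  certificate_arn = aws_dms_certificate.db_ca.certificate_arn
}
```

A quick local check before apply is `grep -n 'ssl_mode' *.tf` to confirm no endpoint is left at "none"; the detector flags the missing or disabled setting, not the strength of the mode.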