Evaluates whether SSL is enabled on ApsaraDB RDS instances and whether the TLS version falls within the specified range. An instance is compliant only if both conditions are met.
Scenarios
Later TLS versions provide stronger security, privacy, performance, and encryption. When enabling SSL and selecting a TLS version for an RDS instance, consider compatibility and application requirements.
Risk level
Default risk level: medium.
You can change the risk level when you apply this rule.
Compliance evaluation logic
- SSL is enabled and the TLS version is within the specified range: Compliant.
- SSL is not enabled or the TLS version is outside the specified range: Non-compliant.
Rule details
| Item | Description |
| --- | --- |
| Rule name | rds-instance-tls-version-check |
| Rule ID | |
| Tag | RDS and Instance |
| Automatic remediation | Not supported |
| Trigger type | Configuration change |
| Supported resource type | ApsaraDB RDS instance |
| Input parameter | tlsVersion. Default value: TLSv1.2 |
Non-compliance remediation
Enable SSL on each RDS instance and set the TLS version to a value within the specified range. Modify instance parameters.