Ensure that your Amazon RDS production databases are not using 'awsuser' as master username, regardless of the RDS database engine type used, instead a unique alphanumeric string must be defined as the login ID for the master user.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Since 'awsuser' is the Amazon's example (default) for the RDS database master username, many AWS customers will use this username for their RDS databases in production, therefore malicious users can use this information to their advantage and frequently try to use 'awsuser' for the master username during brute-force attacks.
To determine if your existing RDS database instances are using "awsuser" as master username, perform the following:
Remediation / Resolution
To change the master username for your RDS database instances you need to re-create them and migrate the existing data to the new instances. To set secure master usernames for all your RDS databases, perform the following steps:
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
RDS Master Username
Risk level: Low