id: rds-event-sub
info:
  name: RDS Security Group Event Notifications
  author: princechaddha
  severity: high
  description: |
    Ensure RDS event notification subscriptions are active for database security group events to monitor and react to changes in security configurations.
  impact: |
    Without notifications for security group events, unauthorized changes may go unnoticed, potentially leading to security breaches or data exposure.
  remediation: |
    Enable Amazon RDS event notification subscriptions for relevant database security group events through the AWS Management Console or AWS CLI.
  reference:
    - https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.html
  tags: cloud,devops,aws,amazon,rds,aws-cloud-config

variables:
  region: "ap-northeast-1"

self-contained: true
code:
  - engine:
      - sh
      - bash
    source: |
      aws rds describe-event-subscriptions --region $region --query "EventSubscriptionsList[?SourceType == 'db-security-group'].CustSubscriptionId"

    matchers:
      - type: word
        words:
          - '[]'

    extractors:
      - type: dsl
        dsl:
          - '"There are no Amazon RDS event subscriptions created for database security groups available in " + region + " AWS region."'
# digest: 4a0a00473045022100d0e7c297ffbf01f4d58eb375f52c497c11d13d84ee6bef8ed036f4a106d379c202206dc81dfc93a492e7f043e3f0e9ca706ce541e875fcf1cec0345a2082cb41fdb6:922c64590222798bb761d5b6d8e72950