id: rds-event-notify
info:
  name: RDS Event Notification Absence
  author: princechaddha
  severity: medium
  description: |
    Checks for the activation of event notifications for Amazon RDS instances to monitor significant database events.
  impact: |
    Without event notifications, there's a risk of missing critical database events, impacting operational awareness and incident response.
  remediation: |
    Enable event notifications in Amazon RDS by creating an event subscription with Amazon SNS to receive notifications.
  reference:
    - https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.html
  tags: cloud,devops,aws,amazon,rds,aws-cloud-config

variables:
  region: "ap-northeast-1"

self-contained: true
code:
  - engine:
      - sh
      - bash
    source: |
      aws rds describe-event-subscriptions --region $region --query 'EventSubscriptionsList'

    matchers:
      - type: word
        words:
          - '[]'

    extractors:
      - type: dsl
        dsl:
          - '"No event notifications for RDS resources in " + region + " AWS region"'
# digest: 4a0a0047304502203da20f61e273f1598025e8b5fc491882b2b9b93d743bf7be37209af3351653b0022100b109b8c9e591621fe1c087381073e5d49cad3d424fa9a3491609c28d4bb8cbdf:922c64590222798bb761d5b6d8e72950