Launch Week 11 announcements & demos →
← Changelog

aws-rds v5.34.0 - Identify and remove unallowed resources from CMDB

Jan 16, 2026Mods

What's new?

Control Types

  • AWS > RDS > DB Cluster > Allowed
  • AWS > RDS > DB Cluster > Allowed > Custom
  • AWS > RDS > DB Cluster > Allowed > Encryption at Rest
  • AWS > RDS > DB Cluster > Allowed > Region
  • AWS > RDS > DB Cluster Parameter Group > Allowed
  • AWS > RDS > DB Cluster Parameter Group > Allowed > Custom
  • AWS > RDS > DB Cluster Parameter Group > Allowed > Region
  • AWS > RDS > DB Cluster Snapshot [Manual] > Allowed
  • AWS > RDS > DB Cluster Snapshot [Manual] > Allowed > Custom
  • AWS > RDS > DB Cluster Snapshot [Manual] > Allowed > Region
  • AWS > RDS > DB Instance > Allowed
  • AWS > RDS > DB Instance > Allowed > Custom
  • AWS > RDS > DB Instance > Allowed > Database Engine
  • AWS > RDS > DB Instance > Allowed > Encryption at Rest
  • AWS > RDS > DB Instance > Allowed > Instance Class
  • AWS > RDS > DB Instance > Allowed > Region
  • AWS > RDS > DB Parameter Group > Allowed
  • AWS > RDS > DB Parameter Group > Allowed > Custom
  • AWS > RDS > DB Parameter Group > Allowed > Region
  • AWS > RDS > DB Snapshot [Manual] > Allowed
  • AWS > RDS > DB Snapshot [Manual] > Allowed > Custom
  • AWS > RDS > DB Snapshot [Manual] > Allowed > Encryption at Rest
  • AWS > RDS > DB Snapshot [Manual] > Allowed > Region
  • AWS > RDS > Global Cluster > Allowed
  • AWS > RDS > Global Cluster > Allowed > Custom
  • AWS > RDS > Option Group > Allowed
  • AWS > RDS > Option Group > Allowed > Custom
  • AWS > RDS > Option Group > Allowed > Region
  • AWS > RDS > Subnet Group > Allowed
  • AWS > RDS > Subnet Group > Allowed > Custom
  • AWS > RDS > Subnet Group > Allowed > Region

Policy Types

  • AWS > RDS > Allowed Regions [Default]
  • AWS > RDS > DB Cluster > Allowed
  • AWS > RDS > DB Cluster > Allowed > Custom
  • AWS > RDS > DB Cluster > Allowed > Custom > Rules
  • AWS > RDS > DB Cluster > Allowed > Encryption at Rest
  • AWS > RDS > DB Cluster > Allowed > Encryption at Rest > Level
  • AWS > RDS > DB Cluster > Allowed > Encryption at Rest > Level > Customer Managed Key
  • AWS > RDS > DB Cluster > Allowed > Region
  • AWS > RDS > DB Cluster > Allowed > Region > Regions
  • AWS > RDS > DB Cluster Parameter Group > Allowed
  • AWS > RDS > DB Cluster Parameter Group > Allowed > Custom
  • AWS > RDS > DB Cluster Parameter Group > Allowed > Custom > Rules
  • AWS > RDS > DB Cluster Parameter Group > Allowed > Region
  • AWS > RDS > DB Cluster Parameter Group > Allowed > Region > Regions
  • AWS > RDS > DB Cluster Snapshot [Manual] > Allowed
  • AWS > RDS > DB Cluster Snapshot [Manual] > Allowed > Custom
  • AWS > RDS > DB Cluster Snapshot [Manual] > Allowed > Custom > Rules
  • AWS > RDS > DB Cluster Snapshot [Manual] > Allowed > Region
  • AWS > RDS > DB Cluster Snapshot [Manual] > Allowed > Region > Regions
  • AWS > RDS > DB Instance > Allowed
  • AWS > RDS > DB Instance > Allowed > Custom
  • AWS > RDS > DB Instance > Allowed > Custom > Rules
  • AWS > RDS > DB Instance > Allowed > Database Engine
  • AWS > RDS > DB Instance > Allowed > Database Engine > Engines
  • AWS > RDS > DB Instance > Allowed > Encryption at Rest
  • AWS > RDS > DB Instance > Allowed > Encryption at Rest > Level
  • AWS > RDS > DB Instance > Allowed > Encryption at Rest > Level > Customer Managed Key
  • AWS > RDS > DB Instance > Allowed > Instance Class
  • AWS > RDS > DB Instance > Allowed > Instance Class > Classes
  • AWS > RDS > DB Instance > Allowed > Region
  • AWS > RDS > DB Instance > Allowed > Region > Regions
  • AWS > RDS > DB Parameter Group > Allowed
  • AWS > RDS > DB Parameter Group > Allowed > Custom
  • AWS > RDS > DB Parameter Group > Allowed > Custom > Rules
  • AWS > RDS > DB Parameter Group > Allowed > Region
  • AWS > RDS > DB Parameter Group > Allowed > Region > Regions
  • AWS > RDS > DB Snapshot [Manual] > Allowed
  • AWS > RDS > DB Snapshot [Manual] > Allowed > Custom
  • AWS > RDS > DB Snapshot [Manual] > Allowed > Custom > Rules
  • AWS > RDS > DB Snapshot [Manual] > Allowed > Encryption at Rest
  • AWS > RDS > DB Snapshot [Manual] > Allowed > Encryption at Rest > Level
  • AWS > RDS > DB Snapshot [Manual] > Allowed > Encryption at Rest > Level > Customer Managed Key
  • AWS > RDS > DB Snapshot [Manual] > Allowed > Region
  • AWS > RDS > DB Snapshot [Manual] > Allowed > Region > Regions
  • AWS > RDS > Global Cluster > Allowed
  • AWS > RDS > Global Cluster > Allowed > Custom
  • AWS > RDS > Global Cluster > Allowed > Custom > Rules
  • AWS > RDS > Option Group > Allowed
  • AWS > RDS > Option Group > Allowed > Custom
  • AWS > RDS > Option Group > Allowed > Custom > Rules
  • AWS > RDS > Option Group > Allowed > Region
  • AWS > RDS > Option Group > Allowed > Region > Regions
  • AWS > RDS > Subnet Group > Allowed
  • AWS > RDS > Subnet Group > Allowed > Custom
  • AWS > RDS > Subnet Group > Allowed > Custom > Rules
  • AWS > RDS > Subnet Group > Allowed > Region
  • AWS > RDS > Subnet Group > Allowed > Region > Regions

Bug fixes

  • The AWS > RDS > DB Instance > Approved control previously entered an alarm state when validating encryption at rest for DB instances encrypted with customer managed keys, particularly when validating against KMS key aliases. The control has been updated to correctly handle both data structure formats, ensuring accurate encryption validation in all cases.