feat(rds): Add AWS RDS cluster transport encryption check

[madereddy]

Context

Add additional RDS cluster transport level encryption logic for supported RDS versions:

For PostgreSQL and Aurora PostgreSQL clusters, if the rds.force_ssl parameter value is set to 0, the Transport Encryption feature is not enabled. For MySQL, Aurora MySQL and MariaDB clusters, if the require_secure_transport parameter value is set to OFF, the Transport Encryption feature is not enabled.

Description

Added checks for MySQL, MariaDB, PostgreSQL, Aurora PostgreSQL, and Aurora MySQL DB clusters.

Had to modify rds_instance_deletion_protection check and test as well to deal the modification to the db_clusters which allows the parameters to be read.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[madereddy]

Competing with #4002 and #4003

Recommended to merge this after #4002 as that is a more important check. Cert: rds-ca-2019 will be expiring August 22nd 2024.

[jfagoagas]

This needs to be kept as a dict using the cluster ARN as key.

[madereddy]

Changed this to a list so that it would match self.db_instances and could use similar parameter group code. I can switch this back to a dict if required or if it would cause breaking changes.

[jfagoagas]

We must use maps to store objects using the ARN as key for faster retrievals.

[madereddy]

Ahh I understand. Im going to close this PR and redo it entirely. Thank you @jfagoagas for the guidance.

[jfagoagas]

Why this?

[jfagoagas]

This needs to be kept as it was.

[madereddy]

Switched to more closely match db_instances. Can switch it back and rework the PR if this is required.

[jfagoagas]

@madereddy are you planning to re-do the PR?

[madereddy]

Yes I will redo it after the other certificate PR has been merged.

[sergargar]

@madereddy I have merged the other PR!

[madereddy]

I will start working on the update commit now