Amazon_RDS_4

Ensure RDS Database is not publicly accessible

Description

Amazon Relational Database Service (RDS) is a managed relational database service that handles routine database tasks such as provisioning, patching, backup, recovery, failure detection, and repair.
There are 6 database engines available for customers to run their database workloads on:

  • Amazon Aurora (MySQL Compatible)
  • MySQL
  • MariaDB
  • Oracle
  • Microsoft SQL Server
  • PostgreSQL


Customers can deploy RDS databases within a VPC through the configuration of:

  • Subnet Group for RDS; this group is used for the deployment of Single-AZ or Multi-AZ RDS instances.
  • Network access through configuration of Security Groups for RDS
  • Access from outside the VPC hosting the DB instance by enabling/disabling a Public IP address

Remediation

Perform the following steps to remove public access for RDS

Using the Amazon unified command line interface:

  • Modify each publicly accessible DB instance, and make it private:
    aws rds modify-db-instance --db-instance-identifier <your_db_instance> --no-publicly-accessible
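As an added example (not part of this control's text or of any AWS tool), the following Python audit reads a describe-db-instances response, lists the instances whose PubliclyAccessible flag is set, and either prints or applies the modify-db-instance fix above. The sample response, its identifiers and the injected RDS client are constructed; for a real account pass boto3.client("rds") to remediate().

```python
"""Audit DescribeDBInstances output for publicly accessible RDS instances
and turn each finding into the remediation this control prescribes
(modify-db-instance --no-publicly-accessible)."""

# Constructed sample in the shape returned by `aws rds describe-db-instances`
# / boto3 describe_db_instances(); identifiers and IDs are made up.
SAMPLE_RESPONSE = {
    "DBInstances": [
        {"DBInstanceIdentifier": "orders-prod", "Engine": "postgres",
         "DBInstanceStatus": "available", "PubliclyAccessible": True,
         "DBSubnetGroup": {"VpcId": "vpc-0example1"},
         "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0example1", "Status": "active"}]},
        {"DBInstanceIdentifier": "reports-stage", "Engine": "mysql",
         "DBInstanceStatus": "modifying", "PubliclyAccessible": True,
         "DBSubnetGroup": {"VpcId": "vpc-0example1"},
         "VpcSecurityGroups": []},
        {"DBInstanceIdentifier": "hr-internal", "Engine": "mariadb",
         "DBInstanceStatus": "available", "PubliclyAccessible": False,
         "DBSubnetGroup": {"VpcId": "vpc-0example2"},
         "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0example2", "Status": "active"}]},
    ]
}


def find_public_instances(response):
    """Return the DB instances whose PubliclyAccessible flag is set.
    The flag, not the security group, decides whether RDS assigns a public IP."""
    return [db for db in response.get("DBInstances", [])
            if db.get("PubliclyAccessible") is True]


def remediation_commands(response):
    """One CLI command per finding, matching the control's remediation step."""
    return ["aws rds modify-db-instance --db-instance-identifier {} "
            "--no-publicly-accessible".format(db["DBInstanceIdentifier"])
            for db in find_public_instances(response)]


def remediate(rds_client, response):
    """Apply the fix through a boto3-style RDS client. modify_db_instance only
    succeeds on an instance in the 'available' state, so others are deferred."""
    fixed, deferred = [], []
    for db in find_public_instances(response):
        ident = db["DBInstanceIdentifier"]
        if db.get("DBInstanceStatus") != "available":
            deferred.append(ident)
            continue
        rds_client.modify_db_instance(DBInstanceIdentifier=ident,
                                      PubliclyAccessible=False)
        fixed.append(ident)
    return fixed, deferred


if __name__ == "__main__":
    for cmd in remediation_commands(SAMPLE_RESPONSE):  # offline dry run
        print(cmd)
```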

References:

  1. http://docs.aws.amazon.com/cli/latest/reference/rds/modify-db-instance.html
  2. http://docs.aws.amazon.com/cli/latest/reference/rds/describe-db-instances.html

Service

RDS

Severity

High

Compliance

Mapping
