AWS-RDS-cluster-subnets-private

Severity: High

Description: This control ensures that RDS DB cluster is not associated with a public subnet.Having any resources such as RDS DB cluster in a public subnet should be avoided unless absolutely needed as they can be accessed from the Internet.

Remediation Steps:

Perform following to update RDS instance master username :

1. Login to the AWS Management Console at https://console.aws.amazon.com as root user.

2. Navigate to VPC console.

3. On Navigation pane, choose Route Tables.

4. Click on the route table to be modified.

5. Under the route table description select Routes tab and click Edit Routes.

6. Remove any routes which provide public access and modify other routes accordingly.

7. Click on Save routes.

Important:

Reference :

• https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html#route-tables-priority

• https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-routing.html