AWS-RDS-database-instances-accessibility-private-only

Severity: High

Description: This control ensures that Public Accessibility is set to No for database instances. When Public Accessibility is set to Yes, a public IP address is assigned to the DB instance, and EC2 instances and devices outside the VPC hosting the DB instance are able to connect to it. Exposing a database to the public internet increases its attack surface.

Remediation Steps:

Perform the following to change the RDS access settings:

  1. Login to the AWS Management Console at https://console.aws.amazon.com as root user.

  2. Navigate to the RDS console.

  3. In the navigation pane, click Instances.

  4. Click the DB instance name to open its properties.

  5. Click Modify.

  6. In the Network & Security section, set Public accessibility to No.

  7. Click Continue, then click Modify DB Instance.

Important:

  • If there is a business need to expose a database instance over public networks, configure the security group rules to restrict inbound traffic to trusted public IPs only.
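The following is an added example, not part of this control's original text: an offline check that evaluates the shape of a boto3 `rds.describe_db_instances()` response, flags every instance whose Public Accessibility is Yes, and builds the `rds.modify_db_instance()` arguments equivalent to the console steps above. The sample response, instance names and security group ids are constructed for illustration; no AWS call is made.

```python
from typing import Dict, List

# Constructed sample in the shape of a boto3 rds.describe_db_instances()
# response; the instance names and ids are made up for illustration.
SAMPLE_RESPONSE = {
    "DBInstances": [
        {
            "DBInstanceIdentifier": "orders-prod",
            "Engine": "postgres",
            "PubliclyAccessible": True,
            "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0example", "Status": "active"}],
        },
        {
            "DBInstanceIdentifier": "analytics-dev",
            "Engine": "mysql",
            "PubliclyAccessible": False,
            "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-1example", "Status": "active"}],
        },
    ]
}


def find_public_instances(response: Dict) -> List[Dict]:
    """Return one High-severity finding per DB instance whose
    Public Accessibility is Yes (PubliclyAccessible == True)."""
    findings = []
    for db in response.get("DBInstances", []):
        if db.get("PubliclyAccessible", False):
            findings.append({
                "DBInstanceIdentifier": db["DBInstanceIdentifier"],
                "Engine": db.get("Engine"),
                "SecurityGroups": [sg["VpcSecurityGroupId"]
                                   for sg in db.get("VpcSecurityGroups", [])],
                "Severity": "High",
            })
    return findings


def remediation_params(db_identifier: str) -> Dict:
    """Keyword arguments for rds.modify_db_instance() that perform the
    console steps above (Public accessibility -> No). Not executed here."""
    return {"DBInstanceIdentifier": db_identifier, "PubliclyAccessible": False}


if __name__ == "__main__":
    for f in find_public_instances(SAMPLE_RESPONSE):
        print(f"[{f['Severity']}] {f['DBInstanceIdentifier']} ({f['Engine']}) "
              f"is publicly accessible; security groups: {f['SecurityGroups']}")
        print("  remediation:", remediation_params(f["DBInstanceIdentifier"]))
```

The security group ids in each finding are the ones to review when a business need requires keeping the instance public, so that their inbound rules are limited to trusted source IPs.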

Reference:

Blue Hexagon Proprietary