/
AWS-RDS-RDS-Publicly-Accessible
AWS-RDS-RDS-Publicly-Accessible
Severity: Critical
Description: This control ensures that RDS DB Instance is not associated with a public subnet.Having any resources such as RDS DB Instances in a public subnet should be avoided unless absolutely needed as they can be accessed from the Internet.
Remediation Steps:
Perform following to remove RDS instance public access :
Login to the AWS Management Console at https://console.aws.amazon.com as root user.
Navigate to VPC console.
On Navigation pane, choose Route Tables.
Click on the route table to be modified.
Under the route table description select Routes tab and click Edit Routes.
Remove any routes which provide public access and modify other routes accordingly.
Click on Save routes.
Important:
Reference :
, multiple selections available,
Related content
AWS-EC2-VPC-Endpoint-Exposed
AWS-EC2-VPC-Endpoint-Exposed
Read with this
AWS Misconfiguration Remediations
AWS Misconfiguration Remediations
Read with this
AWS-S3-Secure-Transport
AWS-S3-Secure-Transport
Read with this
AWS-RDS-RDS-IAM-Database-Authentication-Enabled
AWS-RDS-RDS-IAM-Database-Authentication-Enabled
Read with this
AWS-S3-S3-Bucket-Logging
AWS-S3-S3-Bucket-Logging
Read with this
Blue Hexagon Proprietary