AWS-RDS-RDS-Publicly-Accessible

Severity: Critical

Description: This control ensures that RDS DB Instance is not associated with a public subnet.Having any resources such as RDS DB Instances in a public subnet should be avoided unless absolutely needed as they can be accessed from the Internet.

Remediation Steps:

Perform following to remove RDS instance public access :

1. Login to the AWS Management Console at https://console.aws.amazon.com as root user.

2. Navigate to VPC console.

3. On Navigation pane, choose Route Tables.

4. Click on the route table to be modified.

5. Under the route table description select Routes tab and click Edit Routes.

6. Remove any routes which provide public access and modify other routes accordingly.

7. Click on Save routes.

Important:

Reference :

• https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html#route-tables-priority

• Update your route tables for a VPC peering connection - Amazon Virtual Private Cloud