AWS-RDS-DB-master-username-non-default
Severity: High
Description: This control ensures that each RDS DB Instance uses a unique Master Username instead of one of the defaults ("root", "awsuser", "admin", "rdsadmin"). This user has extensive privileges on the database instance, including creating databases and modifying tables. If no username is specified when the Instance is created, a default username is set for the Master username.
Remediation Steps:
Perform the following to update the RDS instance master username:
Log in to the AWS Management Console at https://console.aws.amazon.com as the root user.
Navigate to the RDS console.
Step 1 - Create a new DB Instance
In the navigation pane on the left, click Databases.
Click the Create Database button.
Configure the settings to match the old DB Instance.
Under Credential Settings in the Settings section, enter a unique alphanumeric username for Master Username.
Click Create Database.
Step 2 - Delete old DB Instance
In the navigation pane on the left, click Databases.
Select the DB Instance to delete.
Click Actions and choose Delete.
For Create final Snapshot?, choose Yes or No. If you chose Yes, for Final snapshot name type the name of your final DB snapshot.
Type delete me in the box.
Choose Delete.
Important:
The master username of an RDS DB Instance cannot be modified after the instance is created.
The new DB Instance should be configured with the same settings as the old Instance.
After the required connection string modifications and security group updates, ensure all applications successfully connect to and query the new DB Instance.
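The following is an added detection example, not part of this control's text: it checks the output of the RDS DescribeDBInstances API against the default master usernames listed above and emits one High-severity finding per offending instance. The sample records are constructed to mirror the shape of rds.describe_db_instances()["DBInstances"]; the live scan assumes boto3 and AWS credentials are available.

```python
# Added example (not part of the control text): flag RDS instances whose
# master username is one of the defaults named by the control. The sample
# records below are constructed to mirror rds.describe_db_instances()["DBInstances"].
from typing import Dict, Iterable, List

# Defaults listed in the control; compared case-insensitively so "Admin" is
# also flagged rather than missed.
DEFAULT_MASTER_USERNAMES = {"root", "awsuser", "admin", "rdsadmin"}


def find_default_master_usernames(db_instances: Iterable[Dict]) -> List[Dict]:
    """Return one finding per instance whose MasterUsername is a default.

    `db_instances` is the "DBInstances" list from the DescribeDBInstances API.
    """
    findings = []
    for db in db_instances:
        username = db.get("MasterUsername", "")
        if username.lower() in DEFAULT_MASTER_USERNAMES:
            findings.append({
                "DBInstanceIdentifier": db.get("DBInstanceIdentifier"),
                "Engine": db.get("Engine"),
                "MasterUsername": username,
                "Severity": "High",  # matches the control's severity
            })
    return findings


def scan_region(region_name: str) -> List[Dict]:
    """Live scan of one region; boto3 is imported lazily so the check above
    stays usable offline (assumes boto3 and AWS credentials are available)."""
    import boto3
    rds = boto3.client("rds", region_name=region_name)
    instances = []
    for page in rds.get_paginator("describe_db_instances").paginate():
        instances.extend(page["DBInstances"])
    return find_default_master_usernames(instances)


# Constructed sample records (trimmed to the fields the check uses).
SAMPLE_DB_INSTANCES = [
    {"DBInstanceIdentifier": "orders-prod", "Engine": "mysql", "MasterUsername": "admin"},
    {"DBInstanceIdentifier": "analytics", "Engine": "postgres", "MasterUsername": "ops_dba_7f3"},
    {"DBInstanceIdentifier": "legacy-pg", "Engine": "postgres", "MasterUsername": "RDSADMIN"},
]

if __name__ == "__main__":
    for finding in find_default_master_usernames(SAMPLE_DB_INSTANCES):
        print(f"{finding['DBInstanceIdentifier']}: default master username {finding['MasterUsername']!r}")
```

Because the master username cannot be changed in place, each finding maps to the create-and-replace procedure above rather than to a modify call.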
Reference:
Blue Hexagon Proprietary