Plugin Title RDS Publicly Accessible
Cloud AWS
Category RDS
Description Ensures RDS instances are not launched into the public cloud
More Info Unless there is a specific business requirement, RDS instances should not have a public endpoint and should be accessed from within a VPC only.
AWS Link http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html
Recommended Action Remove the public endpoint from the RDS instance


Detailed Remediation Steps

  1. Log into the AWS Management Console.
  2. Select the "Services" option and search for RDS.
  3. Scroll down the left navigation panel and choose "Databases".
  4. Select the "Database" that needs to be verified and click on the selected "Databse" from the "DB identifier" column to access the database.
  5. Click on the "Connectivity & Security" under the selected database configuration page.
  6. Scroll down the "Connectivity & Security" tab and check the "Security" section.Check the "Public Accessibility" and if it's "Yes" then selected database can launched into the public cloud .
  7. Repeat steps number 2 - 6 to check other RDS instances.
  8. Select the "Database" on which "Public Accessibility" needs to be disable. Click the "Modify" button at the top to make the necessary changes.
  9. Scroll down the "Modify DB Instance" page and check for "Public Accessibility" under "Network & Security".
  10. On the "Public Accessibility" section under "Network & Security" click on the "No" button.
  11. Scroll down the "Modify DB Instance" page and click on "Continue" button.
  12. On the "Scheduling of modifications" choose "Apply immediately" so that it will made the above changes applied as soon as possible and click on the "Modify DB Instance" button.
  13. Repeat steps number 8 - 12 to remove the public endpoint from the RDS instances .

Want to scan for this risk automatically?

Get Started Now