RDS instance ‘Publicly Accessible’ should not be enabled
Description
Publicly accessible RDS instances allow any AWS user or anonymous user access to the data in the database. RDS instances should not be publicly accessible.
Remediation Steps
AWS Console
Navigate to RDS.
In the left navigation, select Databases.
Select the RDS instance that you want to edit.
In Connectivity & security, within the Public accessibility section, select No.
Click Continue.
In Scheduling of modifications, select whether you want to apply the modifications during the next scheduled maintenance window or apply immediately.
Click Modify DB Instance.
AWS CLI
Disable ‘Publicly Accessible’ for the RDS instance (Linux, macOS, or Unix):
aws rds modify-db-instance \
--db-instance-identifier mydbinstance \
--no-publicly-accessible \
--no-apply-immediately
Disable ‘Publicly Accessible’ for the RDS instance (Windows):
aws rds modify-db-instance ^
--db-instance-identifier mydbinstance ^
--no-publicly-accessible ^
--no-apply-immediately
Terraform
Ensure that the aws_db_instance publicly_accessible field is set to “false”.
Example Configuration
resource "aws_db_instance" "example" {
  publicly_accessible = false
  # other required fields here
}
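
To enforce the Terraform setting above before anything is applied, the following added example (not part of the original page) checks the JSON form of a plan, as produced by terraform show -json, for aws_db_instance resources that would end up publicly accessible. The function name, the file names plan.out and check_rds_public.py, and the sample plan are assumptions made for illustration.

```python
import json
import sys

CHECKED_TYPES = {"aws_db_instance"}  # resource type named on this page


def find_public_rds(plan):
    """Flag aws_db_instance changes in `terraform show -json` output that
    would leave the instance publicly accessible after apply."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") not in CHECKED_TYPES:
            continue
        change = rc.get("change") or {}
        after = change.get("after")
        if after is None:
            continue  # resource is being destroyed, nothing remains to expose
        after_unknown = change.get("after_unknown") or {}
        if after_unknown.get("publicly_accessible") is True:
            # Computed at apply time: the plan cannot prove the value is false.
            findings.append((rc["address"], "unknown until apply"))
        elif after.get("publicly_accessible") is True:
            findings.append((rc["address"], "publicly_accessible = true"))
    return findings


def _rc(address, rtype, actions, after, after_unknown=None):
    """Build one constructed resource_changes entry for the sample plan."""
    return {"address": address, "type": rtype,
            "change": {"actions": actions, "after": after,
                       "after_unknown": after_unknown or {}}}


# Constructed sample, trimmed to the fields the check reads.
SAMPLE_PLAN = {"resource_changes": [
    _rc("aws_db_instance.example", "aws_db_instance", ["create"],
        {"publicly_accessible": False}),
    _rc("module.db.aws_db_instance.reporting", "aws_db_instance", ["update"],
        {"publicly_accessible": True}),
    _rc("aws_db_instance.legacy", "aws_db_instance", ["delete"], None),
    _rc("aws_db_instance.computed", "aws_db_instance", ["create"],
        {}, {"publicly_accessible": True}),
    _rc("aws_s3_bucket.logs", "aws_s3_bucket", ["create"], {"bucket": "logs"}),
]}

if __name__ == "__main__":
    # Usage: terraform show -json plan.out | python check_rds_public.py
    plan = SAMPLE_PLAN if sys.stdin.isatty() else json.load(sys.stdin)
    results = find_public_rds(plan)
    for address, reason in results:
        print(f"FAIL {address}: {reason}")
    sys.exit(1 if results else 0)
```

The non-zero exit status lets a CI job fail the pipeline when a finding is present; resources inside modules are covered because the plan lists them in the same resource_changes array.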