RDS instance ‘Publicly Accessible’ should not be enabled

Description

Publicly accessible RDS instances allow any AWS user or anonymous user access to the data in the database. RDS instances should not be publicly accessible.

Console Remediation Steps

  • Navigate to RDS.

  • In the left navigation, select Databases.

  • Select the RDS instance that you want to edit.

  • In Connectivity & security, within the Public accessibility section, select No.

  • Click Continue.

  • In Scheduling of modifications, select whether you want to apply the modifications during the next scheduled maintenance window or apply them immediately.

  • Click Modify DB Instance.

CLI Remediation Steps

  • Disable ‘Publicly Accessible’ for the RDS instance (Linux, macOS, or Unix):

      aws rds modify-db-instance \
          --db-instance-identifier mydbinstance \
          --no-publicly-accessible \
          --no-apply-immediately

  • Disable ‘Publicly Accessible’ for the RDS instance (Windows):

      aws rds modify-db-instance ^
          --db-instance-identifier mydbinstance ^
          --no-publicly-accessible ^
          --no-apply-immediately
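
To apply the remediation above across an account rather than to one instance, the following added example (not part of the original page) reads `aws rds describe-db-instances` JSON, lists every instance with `PubliclyAccessible` set, and builds the page's modify command for each. The function names and the sample data are constructed for illustration; the script assumes an instance must be in the `available` state before it can be modified.

```python
import json
import shlex
import sys

# Constructed sample in the shape of `aws rds describe-db-instances --output json`.
SAMPLE = {"DBInstances": [
    {"DBInstanceIdentifier": "mydbinstance", "DBInstanceStatus": "available",
     "PubliclyAccessible": True,
     "Endpoint": {"Address": "mydbinstance.example.invalid", "Port": 3306},
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-00000000", "Status": "active"}]},
    {"DBInstanceIdentifier": "internal-db", "DBInstanceStatus": "available", "PubliclyAccessible": False},
    # Still being created: the public flag is already set, but there is no Endpoint key yet.
    {"DBInstanceIdentifier": "staging-db", "DBInstanceStatus": "creating", "PubliclyAccessible": True},
]}

def find_public_instances(describe_output):
    """Return one finding per instance whose PubliclyAccessible flag is true."""
    findings = []
    for db in describe_output.get("DBInstances", []):
        if not db.get("PubliclyAccessible", False):
            continue
        endpoint = db.get("Endpoint") or {}
        findings.append({
            "id": db["DBInstanceIdentifier"],
            "status": db.get("DBInstanceStatus", "unknown"),
            "endpoint": endpoint.get("Address"),
            "security_groups": [g["VpcSecurityGroupId"] for g in db.get("VpcSecurityGroups", [])],
        })
    return findings

def remediation_command(instance_id):
    """Build the modify-db-instance command from the CLI steps for one instance."""
    return ("aws rds modify-db-instance "
            f"--db-instance-identifier {shlex.quote(instance_id)} "
            "--no-publicly-accessible --no-apply-immediately")

def report(describe_output):
    """Return printable lines: one finding line and one fix line per public instance."""
    lines = []
    for f in find_public_instances(describe_output):
        sgs = ",".join(f["security_groups"]) or "-"
        lines.append(f"PUBLIC {f['id']} status={f['status']} endpoint={f['endpoint']} sgs={sgs}")
        fix = remediation_command(f["id"]) if f["status"] == "available" else "wait for status 'available', then modify"
        lines.append("  fix: " + fix)
    return lines

if __name__ == "__main__":
    # With no piped input the constructed SAMPLE is used; otherwise JSON is read from stdin.
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    print("\n".join(report(data)))
```

The security group IDs in each finding show which inbound rules to review alongside the flag, since those rules still decide who can reach the endpoint.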