01 - RDS Publicly Accessible

Ensure your RDS instances are not publicly accessible and exposed to the internet

Ensure that your RDS database instances are not exposed to the internet as this could lead to potential data loss as you are giving direct access to your database. This is why it is considered a security best practice and should have public access removed. Ensuring public access is blocked will help you with PCI-DSS,NIST, HIPPA and GDPR compliance.

Audit & Remediation

Login into your AWS account
Navigate to the RDS service at: https://console.aws.amazon.com/rds
On the left hand panel select Databases.

Select the DB Identifier hyperlink for the database instance you would like to check.
Under Connectivity & security check if the Public accessibility is set to Yes.

if Public accessibility is set to Yes your database has a publicly accessible endpoint and may be exposed to the internet.
At top right corner of this page select the Modify button.
Scroll down to Connectivity and then expand Additional connectivity configuration and select Not publicly accessible.

Repeat the outlined steps for each db instance.
Repeat the outlined steps for each region you have rds instances running.

See all of your AWS RDS Instances in a single place!

Do you want to see all of your RDS Instances in once place for all regions and all accounts?
Login to our online demo to see exactly what this looks like.
demo.intelligentdiscovery.io

Other Key Features

Inventory

Consolidate your inventory management with consistent and frequent security logs, inventories, and change logs. Dashboard reporting for extensive analytical value.

learn more +

Cost & Usage

Access consolidated capacity, cost, and volume tools in a scaling environment without impacting production or breaking the bank.