CRITICAL
Source: Trivy/CSPM
CSPM ID: rds-publicly-accessible
ID: AVD-AWS-0082

A database resource is marked as publicly accessible.

Database resources should not be publicly available. You should limit all access to the minimum that is required for your application to function.

Impact

The database instance is publicly accessible

Follow the appropriate remediation steps below to resolve the issue.

Set the database to not be publicly accessible

---
AWSTemplateFormatVersion: "2010-09-09"
Description: A sample template
Resources:
  Queue:
    Type: AWS::RDS::DBInstance
    Properties:
      # Do not assign a public endpoint to the DB instance
      PubliclyAccessible: false

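The template setting above can be checked before deployment. The following is an added example, not part of the original page or of Trivy: it audits a CloudFormation template supplied in JSON form and, beyond the explicit `true` case, reports an omitted or intrinsic-function value as REVIEW, because the effective setting is then decided at deploy time (for an omitted property, from the subnet group and VPC). The sample template, its resource names and the PASS/FAIL/REVIEW verdicts are constructed for illustration.

```python
import json

# Constructed sample template (JSON form); resource names are made up.
SAMPLE_TEMPLATE = json.dumps({
    "AWSTemplateFormatVersion": "2010-09-09",
    "Parameters": {"ExposeDb": {"Type": "String", "Default": "false"}},
    "Resources": {
        "PrivateDb": {"Type": "AWS::RDS::DBInstance",
                      "Properties": {"PubliclyAccessible": False}},
        "PublicDb": {"Type": "AWS::RDS::DBInstance",
                     "Properties": {"PubliclyAccessible": "true"}},
        "ImplicitDb": {"Type": "AWS::RDS::DBInstance",
                       "Properties": {"Engine": "postgres"}},
        "ParamDb": {"Type": "AWS::RDS::DBInstance",
                    "Properties": {"PubliclyAccessible": {"Ref": "ExposeDb"}}},
        "Bucket": {"Type": "AWS::S3::Bucket"},
    },
})


def classify(value):
    """Map a PubliclyAccessible property value to PASS / FAIL / REVIEW."""
    if value is None:
        # Omitted: AWS picks the default from the subnet group / VPC,
        # so the template alone does not prove the instance is private.
        return "REVIEW"
    if isinstance(value, bool):
        return "FAIL" if value else "PASS"
    if isinstance(value, str) and value.lower() in ("true", "false"):
        return "FAIL" if value.lower() == "true" else "PASS"
    # Intrinsic function (Ref, Fn::If, ...): resolved only at deploy time.
    return "REVIEW"


def audit_template(template_text):
    """Return {logical_id: verdict} for every AWS::RDS::DBInstance."""
    resources = json.loads(template_text).get("Resources", {})
    return {
        name: classify((res.get("Properties") or {}).get("PubliclyAccessible"))
        for name, res in resources.items()
        if res.get("Type") == "AWS::RDS::DBInstance"
    }


if __name__ == "__main__":
    for name, verdict in sorted(audit_template(SAMPLE_TEMPLATE).items()):
        print(f"{verdict:6} {name}")
```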

  1. Log into the AWS Management Console.
  2. Select the “Services” option and search for RDS.
  3. Scroll down the left navigation panel and choose “Databases”.
  4. Select the “Database” that needs to be verified and click on the selected “Database” from the “DB identifier” column to access the database.
  5. Click on “Connectivity & Security” on the selected database's configuration page.
  6. Scroll down the “Connectivity & Security” tab and check the “Security” section. Check “Public Accessibility”; if it is “Yes”, the selected database can be launched into the public cloud.
  7. Repeat steps 2 - 6 to check other RDS instances.
  8. Select the “Database” on which “Public Accessibility” needs to be disabled. Click the “Modify” button at the top to make the necessary changes.
  9. Scroll down the “Modify DB Instance” page and check for “Public Accessibility” under “Network & Security”.
  10. In the “Public Accessibility” section under “Network & Security”, click on the “No” button.
  11. Scroll down the “Modify DB Instance” page and click on the “Continue” button.
  12. On “Scheduling of modifications”, choose “Apply immediately” so that the above changes are applied as soon as possible, and click on the “Modify DB Instance” button.
  13. Repeat steps 8 - 12 to remove the public endpoint from the RDS instances.

Set the database to not be publicly accessible

resource "aws_db_instance" "good_example" {
  publicly_accessible = false
}