Rule: RDS DB Instances Should Prohibit Public Access

This rule ensures that RDS DB instances do not allow public access, maintaining security standards.

Rule: RDS DB instances should prohibit public access
Framework: FedRAMP Low Revision 4
Severity: High

RDS DB Instances Should Prohibit Public Access for FedRAMP Low Revision 4

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. The FedRAMP Low Impact Level baseline includes a set of security controls for systems that handle low-risk and low-impact data.

One of the requirements for systems seeking FedRAMP Low authorization is to prohibit unnecessary public access to database instances. This rule helps ensure that sensitive information is not inadvertently exposed to the public internet, reducing the chances of unauthorized access and potential attacks.

Detailed Rule Description

When configuring Relational Database Service (RDS) instances on AWS, one must ensure that the instances are not publicly accessible. Publicly accessible RDS instances can be connected to from any computer on the internet, which poses a significant security risk.

Public access to RDS instances should be turned off so that they can only be accessed through private connections, such as an Amazon Virtual Private Cloud (VPC). This setting helps to limit access to RDS databases to the minimum necessary for operations, in compliance with FedRAMP Low Revision 4 security requirements.

Troubleshooting and Remediation Steps

Check the Public Accessibility of RDS Instances

  1. Log in to the AWS Management Console.
  2. Navigate to the RDS Dashboard.
  3. Click on "DB Instances" in the sidebar.
  4. Review the "Publicly Accessible" column for each instance to identify if it is set to "Yes."

Change the Public Accessibility Setting

If an RDS instance is publicly accessible, follow these steps to change the setting:

  1. Click on the RDS instance that needs to be modified.
  2. In the "Connectivity & Security" section, click on "Modify."
  3. In the "Networking" section, locate "Public accessibility."
  4. Set "Public accessibility" to "No."
  5. Scroll down and click on "Continue."
  6. Choose when to apply the changes (applying them during the next maintenance window is recommended for minimal downtime).
  7. Click on "Modify DB Instance."

CLI Command to Update RDS Instance Public Accessibility

To make an RDS instance not publicly accessible using the AWS CLI, use the following command:

aws rds modify-db-instance \
    --db-instance-identifier YourDBInstanceIdentifier \
    --no-publicly-accessible \
    --apply-immediately

Replace YourDBInstanceIdentifier with the actual identifier of your RDS instance.

Remediation Summary

To ensure that no RDS DB instances offer public access, all instances must be configured to deny public access, supporting FedRAMP compliance. Regularly monitoring and auditing RDS instances for public accessibility should be part of standard operational security procedures.
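
For the regular audit mentioned above, the following added example (not CloudDefense or AWS code) reads the JSON produced by `aws rds describe-db-instances --output json`, reports every instance whose PubliclyAccessible flag is true, and prints the modify-db-instance command from this page for each one. The function name `audit`, the "ready" check and the sample instances are assumptions made for this example.

```python
import json
import shlex

# Constructed sample in the shape of `aws rds describe-db-instances --output json`;
# the identifiers and values are made up for this example.
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-prod", "Engine": "postgres",
   "DBInstanceStatus": "available", "PubliclyAccessible": true,
   "Endpoint": {"Address": "orders-prod.example.invalid", "Port": 5432}},
  {"DBInstanceIdentifier": "reports-internal", "Engine": "mysql",
   "DBInstanceStatus": "available", "PubliclyAccessible": false},
  {"DBInstanceIdentifier": "staging-restore", "Engine": "mysql",
   "DBInstanceStatus": "creating", "PubliclyAccessible": true}
]}
""")


def audit(describe_output, apply_immediately=True):
    """Return one finding per instance whose PubliclyAccessible flag is true."""
    findings = []
    for db in describe_output.get("DBInstances", []):
        if not db.get("PubliclyAccessible", False):
            continue  # compliant with the rule
        ident = db["DBInstanceIdentifier"]
        cmd = ["aws", "rds", "modify-db-instance",
               "--db-instance-identifier", ident, "--no-publicly-accessible"]
        if apply_immediately:
            cmd.append("--apply-immediately")  # same flag as the page's command
        findings.append({
            "id": ident,
            "engine": db.get("Engine"),
            # Instances that are still being created may have no endpoint yet.
            "endpoint": (db.get("Endpoint") or {}).get("Address"),
            # Assumption of this example: only remediate instances that are
            # in the "available" state; queue the others for a later pass.
            "ready": db.get("DBInstanceStatus") == "available",
            "fix": shlex.join(cmd),  # shell-quoted, safe to paste
        })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        note = "" if f["ready"] else "  # run once the instance is available"
        print(f"{f['id']} ({f['engine']}): {f['fix']}{note}")
```

To audit a real account, replace SAMPLE with the parsed output of the describe-db-instances call for each region in use.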
