Ensure DMS Replication Instances Are Not Publicly Accessible

Checks if AWS DMS replication instances are configured to not be publicly accessible, protecting sensitive database data from unauthorized external access.

Rule: Database Migration Service replication instances should not be public
Framework: PCI v3.2.1
Severity: Critical

Database Migration Service replication instances should not be public for PCI v3

Description:

Replication instances in Database Migration Service should not be public for PCI v3 compliance to ensure the security and confidentiality of sensitive data.

Troubleshooting Steps:

A public replication instance is a security risk because it allows unauthorized access to the data. To troubleshoot and resolve this issue:

  1. Check the current status of the replication instances in Database Migration Service.
  2. If any instances are found to be public, they should be immediately reconfigured to be private.
  3. Review the network configurations and access controls to ensure that only authorized users have access to the replication instances.

Remediation Steps:

To remediate the issue of public replication instances in Database Migration Service, follow these steps:

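  1. Identify Public Replication Instances: Run the following AWS CLI command to list all replication instances together with their public-access setting:

    aws dms describe-replication-instances --query "ReplicationInstances[].[ReplicationInstanceIdentifier,PubliclyAccessible]" --output table

  2. Update Replication Instances to Private: The public access setting of a DMS replication instance cannot be changed after creation, so for each public replication instance create a replacement with public access disabled, then delete the public one. Run the following commands for each instance:

    aws dms create-replication-instance --replication-instance-identifier NEW_INSTANCE_NAME --replication-instance-class INSTANCE_CLASS --no-publicly-accessible
    aws dms delete-replication-instance --replication-instance-arn OLD_INSTANCE_ARN

  3. Review Firewall Rules: Review the firewall rules in the network configuration to ensure that only necessary ports are open and access is restricted.

  4. Monitor and Audit: Regularly monitor and audit the replication instances to ensure compliance with PCI v3 requirements.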

By following these steps, you can ensure that Database Migration Service replication instances are not public for PCI v3 compliance, enhancing security and protecting sensitive data.
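The check this rule describes can be automated for the monitoring step. The following is an added example, not CloudDefense's own code: it audits the JSON produced by `aws dms describe-replication-instances --output json`. The function names, the FAIL/UNKNOWN labels and the embedded sample data are assumptions constructed for illustration.

```python
import json
import sys

# Constructed sample in the shape of `aws dms describe-replication-instances`
# JSON output; identifiers, ARNs and addresses are made up.
SAMPLE = {"ReplicationInstances": [
    {"ReplicationInstanceIdentifier": "migrate-prod",
     "ReplicationInstanceArn": "arn:aws:dms:us-east-1:111122223333:rep:EXAMPLE1",
     "PubliclyAccessible": True,
     "ReplicationInstancePublicIpAddresses": ["203.0.113.10"],
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0example1", "Status": "active"}]},
    {"ReplicationInstanceIdentifier": "migrate-internal",
     "ReplicationInstanceArn": "arn:aws:dms:us-east-1:111122223333:rep:EXAMPLE2",
     "PubliclyAccessible": False,
     "ReplicationInstancePublicIpAddresses": [None],
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0example2", "Status": "active"}]},
    {"ReplicationInstanceIdentifier": "migrate-legacy",  # flag absent from record
     "ReplicationInstanceArn": "arn:aws:dms:us-east-1:111122223333:rep:EXAMPLE3"},
]}

def audit(response):
    """Return one finding per instance that is public or cannot be proven private."""
    findings = []
    for inst in response.get("ReplicationInstances", []):
        public = inst.get("PubliclyAccessible")
        # The API may return null entries when no public address is assigned.
        ips = [ip for ip in inst.get("ReplicationInstancePublicIpAddresses") or [] if ip]
        if public is False and not ips:
            continue  # compliant: explicitly private and no public address
        findings.append({
            "id": inst.get("ReplicationInstanceIdentifier", "<unknown>"),
            "arn": inst.get("ReplicationInstanceArn", "<unknown>"),
            # A missing flag is reported for manual review, not treated as a pass.
            "status": "FAIL" if public or ips else "UNKNOWN",
            "public_ips": ips,
            "security_groups": [g["VpcSecurityGroupId"]
                                for g in inst.get("VpcSecurityGroups", [])],
        })
    return findings

def main(argv):
    # Pass a file holding the saved CLI output, or run with no argument for the sample.
    data = json.load(open(argv[1])) if len(argv) > 1 else SAMPLE
    findings = audit(data)
    for f in findings:
        print(f"{f['status']:7} {f['id']} {f['arn']} ips={f['public_ips']} sgs={f['security_groups']}")
    return 1 if findings else 0  # non-zero exit lets a scheduled job alert

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```
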
