Ensure default ports are not used by Amazon Relational Database Service (Amazon RDS) instances

MEDIUM

Description

Amazon RDS database instances are listening on their engine's default ports, which makes them easy to identify and may expose them to brute-force and dictionary attacks.

Remediation

In AWS Console -

  1. Sign in to the AWS Console and open the RDS Console.
  2. Under Databases, choose the cluster you wish to edit.
  3. Select Modify.
  4. Expand the Additional configuration section.
  5. For Database port, set the value to something other than the engine's default (well-known) port number.

In Terraform -

  1. In the aws_rds_cluster resource, set the value of the 'port' argument to something other than the engine's default (well-known) port number.
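The following check is an added example, not code from this policy page or from the scanner that defines rule AC_AWS_0191: it flags RDS clusters whose listening port equals the engine's default, operating on constructed records shaped like the DBClusters entries returned by boto3's describe_db_clusters. The engine-to-default-port table, the edition-suffix handling and the sample cluster identifiers are assumptions made for the example.

```python
# Added example (not part of the policy page): detection logic for rule AC_AWS_0191.
# Flags RDS clusters whose listening port is the engine's well-known default.
# Input shape mirrors the boto3 describe_db_clusters response ("DBClusters" list
# with "DBClusterIdentifier", "Engine", "Port"); the records below are constructed.

# Well-known default listener ports per RDS engine family (assumed table).
DEFAULT_PORTS = {
    "mysql": 3306,
    "mariadb": 3306,
    "aurora": 3306,            # legacy Aurora MySQL engine name
    "aurora-mysql": 3306,
    "postgres": 5432,
    "aurora-postgresql": 5432,
    "sqlserver": 1433,         # sqlserver-ee, sqlserver-se, sqlserver-ex, sqlserver-web
    "oracle": 1521,            # oracle-ee, oracle-se2, ...
}


def default_port_for(engine: str):
    """Return the default port for an RDS engine name, or None if the engine is unknown."""
    engine = engine.lower()
    if engine in DEFAULT_PORTS:
        return DEFAULT_PORTS[engine]
    # Edition-suffixed engines (e.g. "sqlserver-ee", "oracle-se2") share the family default.
    family = engine.split("-", 1)[0]
    return DEFAULT_PORTS.get(family)


def find_default_port_clusters(db_clusters):
    """Return identifiers of clusters that listen on their engine's default port."""
    findings = []
    for cluster in db_clusters:
        expected = default_port_for(cluster.get("Engine", ""))
        if expected is not None and cluster.get("Port") == expected:
            findings.append(cluster["DBClusterIdentifier"])
    return findings


# Constructed sample resembling describe_db_clusters()["DBClusters"].
SAMPLE_CLUSTERS = [
    {"DBClusterIdentifier": "orders-aurora", "Engine": "aurora-mysql", "Port": 3306},
    {"DBClusterIdentifier": "billing-pg", "Engine": "aurora-postgresql", "Port": 5433},
    {"DBClusterIdentifier": "reports-mssql", "Engine": "sqlserver-ee", "Port": 1433},
    {"DBClusterIdentifier": "legacy", "Engine": "custom-engine", "Port": 3306},
]

if __name__ == "__main__":
    for ident in find_default_port_clusters(SAMPLE_CLUSTERS):
        print(f"AC_AWS_0191: {ident} listens on its engine's default port")
```

Clusters whose engine is not in the table are skipped rather than flagged, so an unknown engine produces no false positive.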

References:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_RDS_Configuring.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster

Policy Details

Rule Reference ID: AC_AWS_0191
CSP: AWS
Remediation Available: Yes
Resource: aws_rds_cluster
Resource Category: Database

Frameworks