Ensure database instances with an AWS Aurora cluster should have same accessibility

MEDIUM

Description

Not all database instances within an AWS Aurora cluster have the same accessibility.

Remediation

In AWS Console -

  1. Sign in to the AWS Console and open the RDS Console.
  2. Under Databases, choose the cluster instance you wish to edit.
  3. Select Modify.
  4. Under Connectivity, expand the Additional configuration section.
  5. Set the Public Access option to Not publicly accessible.

In Terraform -

  1. For each aws_rds_cluster_instance resource where the publicly_accessible field is false, set the publicly_accessible field value for the aws_db_instance to false.
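One way to audit for this condition outside the console, as an added example that is not part of the original policy page or the vendor's rule logic. It assumes input shaped like the JSON returned by `aws rds describe-db-instances`; the sample records and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample, shaped like `aws rds describe-db-instances` output.
SAMPLE = {"DBInstances": [
    {"DBInstanceIdentifier": "orders-writer", "DBClusterIdentifier": "orders",
     "Engine": "aurora-mysql", "PubliclyAccessible": False},
    {"DBInstanceIdentifier": "orders-reader-1", "DBClusterIdentifier": "orders",
     "Engine": "aurora-mysql", "PubliclyAccessible": False},
    {"DBInstanceIdentifier": "orders-reader-2", "DBClusterIdentifier": "orders",
     "Engine": "aurora-mysql", "PubliclyAccessible": True},
    {"DBInstanceIdentifier": "billing-writer", "DBClusterIdentifier": "billing",
     "Engine": "aurora-postgresql", "PubliclyAccessible": False},
    {"DBInstanceIdentifier": "billing-reader", "DBClusterIdentifier": "billing",
     "Engine": "aurora-postgresql", "PubliclyAccessible": False},
    # Standalone RDS instance: no cluster, so this rule does not apply to it.
    {"DBInstanceIdentifier": "legacy-mysql", "Engine": "mysql",
     "PubliclyAccessible": True},
]}


def mixed_accessibility(describe_output):
    """Return Aurora clusters whose members disagree on PubliclyAccessible."""
    clusters = defaultdict(lambda: {"public": [], "private": []})
    for inst in describe_output.get("DBInstances", []):
        cluster_id = inst.get("DBClusterIdentifier")
        # Skip standalone instances and non-Aurora engines.
        if not cluster_id or not inst.get("Engine", "").startswith("aurora"):
            continue
        # A missing PubliclyAccessible key is counted as private here.
        key = "public" if inst.get("PubliclyAccessible") else "private"
        clusters[cluster_id][key].append(inst["DBInstanceIdentifier"])
    return {
        cid: {k: sorted(v) for k, v in groups.items()}
        for cid, groups in sorted(clusters.items())
        if groups["public"] and groups["private"]
    }


def instances_to_fix(describe_output):
    """Public members of mixed clusters: set these to Not publicly accessible."""
    mixed = mixed_accessibility(describe_output)
    return sorted(i for groups in mixed.values() for i in groups["public"])


if __name__ == "__main__":
    for cluster, groups in mixed_accessibility(SAMPLE).items():
        print(f"{cluster}: public={groups['public']} private={groups['private']}")
```

A cluster whose instances are all public is consistent and therefore not reported by this check; it only reports clusters with mixed settings.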

References:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_CommonTasks.BackupRestore.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster_instance#publicly_accessible
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance#publicly_accessible

Policy Details

Rule Reference ID: AC_AWS_0192
CSP: AWS
Remediation Available: Yes
Resource Category: Database

Frameworks