Ensure Amazon Relational Database Service (Amazon RDS) instance is not open to more than 256 hosts

HIGH

Description

The AWS RDS instance is reachable from a large address range, that is, more than 256 hosts (an IPv4 CIDR wider than /24). Exposing an RDS instance to that many hosts makes user monitoring and access management difficult.

Remediation

In AWS Console -

  1. Sign in to the AWS Console and go to the AWS RDS Console.
  2. In the RDS Dashboard, click on Instances.
  3. Select the RDS instance that you want to examine, click the Instance Actions button in the dashboard top menu and select See Details.
  4. Make sure the security group associated with the instance does not allow access from more than 256 hosts.

In Terraform -

  1. In the aws_db_security_group resource, restrict each ingress block so that its cidr covers no more than 256 hosts (a /24 or narrower range); prefer referencing a specific EC2 security group over a broad CIDR.
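The following check, added here as an example and not part of the original policy or its scanner, evaluates the ingress blocks of an aws_db_security_group resource against the 256-host threshold. The rules are assumed to be plain dicts mirroring the Terraform ingress attributes (cidr, security_group_name); the sample data is constructed.

```python
import ipaddress

# Threshold from the policy: an ingress rule may expose the RDS instance to
# at most 256 hosts (an IPv4 /24 or narrower).
MAX_HOSTS = 256

# Constructed sample modelled on the ingress blocks of a Terraform
# aws_db_security_group resource. A block carries either a cidr or a
# reference to an EC2 security group (security_group_name / security_group_id).
SAMPLE_INGRESS = [
    {"cidr": "10.0.1.0/24"},                    # exactly 256 addresses: allowed
    {"cidr": "10.0.0.0/16"},                    # 65,536 addresses: violation
    {"cidr": "0.0.0.0/0"},                      # entire Internet: violation
    {"cidr": "203.0.113.7/32"},                 # single host: allowed
    {"security_group_name": "app-servers-sg"},  # SG reference, no CIDR to size
]

def hosts_in_cidr(cidr):
    """Return the number of addresses the CIDR covers (0 if it is not a valid network).

    strict=False accepts host bits being set, e.g. '10.0.1.5/24', which
    AWS would also normalise to the network address.
    """
    try:
        return ipaddress.ip_network(cidr, strict=False).num_addresses
    except ValueError:
        return 0

def rule_is_too_open(rule, max_hosts=MAX_HOSTS):
    """True when a single ingress block exposes the instance to more than max_hosts."""
    cidr = rule.get("cidr")
    if cidr is None:
        # Security-group references are not sized here; they would be
        # evaluated by inspecting the referenced group's own rules.
        return False
    return hosts_in_cidr(cidr) > max_hosts

def find_violations(ingress_rules, max_hosts=MAX_HOSTS):
    """Return the cidr of every ingress block that violates the policy."""
    return [r["cidr"] for r in ingress_rules if rule_is_too_open(r, max_hosts)]

if __name__ == "__main__":
    for cidr in find_violations(SAMPLE_INGRESS):
        print(f"AC_AWS_0065: ingress {cidr} covers {hosts_in_cidr(cidr)} hosts (> {MAX_HOSTS})")
```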

References:
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_security_group

Policy Details

Rule Reference ID: AC_AWS_0065
CSP: AWS
Remediation Available: Yes
Resource Category: Database
Resource Type: Security Group

Frameworks