[DMS.1]
AWS Database Migration Service replication instances should not be public
Description
All AWS DMS replication instances should be publicly inaccessible. Private instances have private IP addresses that cannot be accessed from outside the replication network. Keeping instances private prevents unauthorized access. To make this rule COMPLIANT, you must set AWS DMS replication instances to private.
Details
| Property | Value |
|---|---|
| Category | Protect > Secure network configuration |
| Compliance Control ID | DMS.1 |
| FortifyFox ID | FF100022 |
| Link | DMS.1 Compliance |
| Resource Type(s) | AWS::DMS::ReplicationInstance |
| Severity | Critical |
Remediation
Use the following CloudFormation templates to deploy a DMS replication instance that is compliant with DMS.1.
YAML Template
```yaml
Resources:
  dmsInstance:
    Type: AWS::DMS::ReplicationInstance
    Properties:
      # ReplicationInstanceClass is required by CloudFormation; the class is an example value
      ReplicationInstanceClass: dms.t3.medium
      # Set PubliclyAccessible explicitly: when omitted, CloudFormation defaults it to true
      PubliclyAccessible: false
```
JSON Template
```json
{
  "Resources": {
    "dmsInstance": {
      "Type": "AWS::DMS::ReplicationInstance",
      "Properties": {
        "ReplicationInstanceClass": "dms.t3.medium",
        "PubliclyAccessible": false
      }
    }
  }
}
```
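As an added pre-deployment check (not part of this page or of any AWS tool), the following Python script scans a parsed CloudFormation template for AWS::DMS::ReplicationInstance resources that are not clearly private. It flags an omitted PubliclyAccessible property because CloudFormation defaults it to true, and sends values set through intrinsic functions (Ref, Fn::If) to manual review; the sample template and its logical IDs are constructed for the example.

```python
import json

DMS_INSTANCE_TYPE = "AWS::DMS::ReplicationInstance"

def _literal_private(value):
    """True if the PubliclyAccessible literal means private, False if public,
    None for intrinsic functions (Ref, Fn::If, ...) that need a manual look."""
    if isinstance(value, bool):
        return not value
    if isinstance(value, str) and value.strip().lower() in ("true", "false"):
        return value.strip().lower() == "false"
    return None

def check_dms1(template):
    """Map logical ID -> reason for each DMS replication instance that is not
    clearly private. An omitted property is flagged: CloudFormation defaults it to true."""
    findings = {}
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != DMS_INSTANCE_TYPE:
            continue
        props = resource.get("Properties") or {}
        if "PubliclyAccessible" not in props:
            findings[logical_id] = "PubliclyAccessible omitted (defaults to true)"
            continue
        private = _literal_private(props["PubliclyAccessible"])
        if private is None:
            findings[logical_id] = "PubliclyAccessible is not a literal; review manually"
        elif not private:
            findings[logical_id] = "PubliclyAccessible is true"
    return findings

def check_dms1_json(text):
    """Same check for a JSON template held as a string (e.g. read from a file)."""
    return check_dms1(json.loads(text))

def _dms(props):
    # Small builder for the constructed sample below
    return {"Type": DMS_INSTANCE_TYPE, "Properties": props}

# Constructed sample template covering each case; not from a real deployment.
SAMPLE_TEMPLATE = json.dumps({"Resources": {
    "privateInstance": _dms({"PubliclyAccessible": False}),
    "stringFalse": _dms({"PubliclyAccessible": "false"}),
    "defaultsToPublic": _dms({}),
    "explicitPublic": _dms({"PubliclyAccessible": True}),
    "parameterised": _dms({"PubliclyAccessible": {"Ref": "IsPublic"}}),
    "unrelated": {"Type": "AWS::S3::Bucket", "Properties": {}},
}})
```

Running `check_dms1_json(SAMPLE_TEMPLATE)` reports `defaultsToPublic`, `explicitPublic` and `parameterised`; pass your own template text to `check_dms1_json` to scan it the same way.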
📓 Notes
- You must have properly configured the DMS VPC Management role.