[RDS.2]
RDS DB instances should prohibit public access, determined by the PubliclyAccessible configuration
Description
RDS DB instances must not be publicly accessible unless public access is required. A publicly accessible database instance has a publicly resolvable DNS name that resolves to a public IP address. Unless required, instances must be private to prevent unnecessary traffic to the database. This rule is COMPLIANT when an instance is not publicly accessible.
Details
| Property | Value |
|---|---|
| Category | Protect > Secure network configuration |
| Compliance Control ID | RDS.2 |
| FortifyFox ID | FF100031 |
| Link | RDS.2 Compliance |
| Resource Type(s) | AWS::RDS::DBInstance |
| Severity | Critical |
Remediation
Use the following CloudFormation templates to deploy an RDS DB instance compliant with RDS.2.
YAML Template
Resources:
  rdsDB:
    Type: "AWS::RDS::DBInstance"
    Properties:
      PubliclyAccessible: false
JSON Template
{
  "Resources": {
    "rdsDB": {
      "Type": "AWS::RDS::DBInstance",
      "Properties": {
        "PubliclyAccessible": false
      }
    }
  }
}
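To check a template against RDS.2 before deployment, the following added example (not part of the original rule page or of any FortifyFox tooling) evaluates every `AWS::RDS::DBInstance` resource in a parsed CloudFormation template. The function name, the sample template, and the `NON_COMPLIANT` and `UNDETERMINED` verdict labels are assumptions made for illustration.

```python
import json

RDS_TYPE = "AWS::RDS::DBInstance"

def evaluate_rds2(template: dict) -> dict:
    """Return {logical_id: verdict} for every RDS DB instance in a template."""
    verdicts = {}
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != RDS_TYPE:
            continue
        props = resource.get("Properties") or {}
        if "PubliclyAccessible" not in props:
            # Unset: the effective value depends on the VPC and DB subnet group,
            # so the template alone cannot prove the instance is private.
            verdicts[logical_id] = "UNDETERMINED"
            continue
        value = props["PubliclyAccessible"]
        # CloudFormation also accepts booleans written as strings.
        if isinstance(value, str) and value.lower() in ("true", "false"):
            value = value.lower() == "true"
        if value is False:
            verdicts[logical_id] = "COMPLIANT"
        elif value is True:
            verdicts[logical_id] = "NON_COMPLIANT"
        else:
            # Intrinsic function (Ref, Fn::If, ...): known only at deploy time.
            verdicts[logical_id] = "UNDETERMINED"
    return verdicts

# Constructed sample template; every logical ID except rdsDB is made up.
SAMPLE_TEMPLATE = json.loads("""
{
  "Parameters": {"Exposed": {"Type": "String", "Default": "false"}},
  "Resources": {
    "rdsDB":    {"Type": "AWS::RDS::DBInstance", "Properties": {"PubliclyAccessible": false}},
    "stringDB": {"Type": "AWS::RDS::DBInstance", "Properties": {"PubliclyAccessible": "true"}},
    "unsetDB":  {"Type": "AWS::RDS::DBInstance", "Properties": {"Engine": "mysql"}},
    "paramDB":  {"Type": "AWS::RDS::DBInstance", "Properties": {"PubliclyAccessible": {"Ref": "Exposed"}}},
    "bucket":   {"Type": "AWS::S3::Bucket"}
  }
}
""")

if __name__ == "__main__":
    for name, verdict in evaluate_rds2(SAMPLE_TEMPLATE).items():
        print(f"{name}: {verdict}")
```

Resources reported as `UNDETERMINED` should set `PubliclyAccessible: false` explicitly, as in the templates above, so the result does not depend on network defaults or parameter values.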