RDS Public Access Enabled

Last updated: April 12, 2025

Details of the Vulnerability

RDS instances with public accessibility pose a significant security risk. Such instances are vulnerable to unauthorized access, which may lead to data breaches. Addressing public accessibility is critical to enhance security and maintain compliance with industry standards.

Impact

  • Publicly accessible RDS instances are more susceptible to malicious attacks.

  • The likelihood of unauthorized access to sensitive data increases significantly.

  • Failure to manage security controls can result in potential compliance violations.

  • Data breaches can lead to the compromise of sensitive information.

  • Organizations may face reputational challenges and financial losses.

Resolution Steps

To mitigate this vulnerability and secure RDS access:

  1. Using the AWS Management Console:

  • Go to the RDS Dashboard.

  • Select the RDS instance you want to modify.

  • Find the 'Publicly Accessible' option under the 'Connectivity' settings.

  • Switch the setting to 'No' to disable public accessibility.

  • Save your changes to apply the new configuration.

  2. Using the AWS Command Line Interface (CLI):

aws rds modify-db-instance --db-instance-identifier <your-db-instance-id> --no-publicly-accessible

Replace '<your-db-instance-id>' with the identifier of your RDS instance before running the command.
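
To find which instances need the change before applying either method, the following added example (not part of the original page) audits saved output of `aws rds describe-db-instances` and builds the matching CLI command for each public instance, using the CLI's boolean flag form `--no-publicly-accessible`. The sample JSON, instance names, hostnames and security group IDs are constructed for illustration.

```python
import json
import shlex

# Constructed sample shaped like `aws rds describe-db-instances` output (not real data).
SAMPLE = json.dumps({"DBInstances": [
    {"DBInstanceIdentifier": "orders-db", "Engine": "postgres", "PubliclyAccessible": True,
     "Endpoint": {"Address": "orders-db.example.invalid", "Port": 5432},
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0example1", "Status": "active"}]},
    {"DBInstanceIdentifier": "analytics-db", "Engine": "mysql", "PubliclyAccessible": False,
     "Endpoint": {"Address": "analytics-db.example.invalid", "Port": 3306},
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0example2", "Status": "active"}]},
    # Instance still being created: it has no Endpoint key yet.
    {"DBInstanceIdentifier": "staging-db", "Engine": "postgres", "PubliclyAccessible": True,
     "VpcSecurityGroups": []},
]})


def find_public_instances(describe_output):
    """Return one finding per instance whose PubliclyAccessible flag is true."""
    findings = []
    for db in json.loads(describe_output).get("DBInstances", []):
        if db.get("PubliclyAccessible") is not True:
            continue
        endpoint = db.get("Endpoint") or {}  # absent while the instance is creating
        findings.append({
            "id": db["DBInstanceIdentifier"],
            "engine": db.get("Engine", "unknown"),
            "endpoint": endpoint.get("Address"),
            "port": endpoint.get("Port"),
            # Security groups to review: they are the only network control left
            # in front of a publicly accessible instance.
            "security_groups": [g["VpcSecurityGroupId"]
                                for g in db.get("VpcSecurityGroups", [])],
        })
    return findings


def remediation_command(instance_id):
    """Build the CLI command that disables public accessibility for one instance."""
    return ("aws rds modify-db-instance --db-instance-identifier "
            + shlex.quote(instance_id) + " --no-publicly-accessible")


if __name__ == "__main__":
    for f in find_public_instances(SAMPLE):
        print(f"{f['id']} ({f['engine']}) endpoint={f['endpoint']}:{f['port']} "
              f"security_groups={f['security_groups']}")
        print("  " + remediation_command(f["id"]))
```

To audit a real account, pass the JSON saved from `aws rds describe-db-instances` to `find_public_instances` in place of `SAMPLE`.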