RDS database instance is publicly accessible Affecting RDS service in AWS

Severity Framework Snyk CCSS

Rule category Data / Access Control

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CIS-AWS CIS-Controls CSA-CCM ISO-27001 SOC-2

Snyk ID SNYK-CC-00001
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

Publicly accessible RDS database instances allow any AWS user or anonymous user access to the data in the database.

How to fix?

Set the publicly_accessible attribute to false.

Example Configuration

resource "aws_db_instance" "default" {
  allocated_storage    = 20
  storage_type         = "standard"
  engine               = "mysql"
  engine_version       = "5.7"
  instance_class       = "db.t2.micro"
  name                 = "mydbvalid"
  username             = "validpublic"
  password             = "SecretPassw0rd"
  parameter_group_name = "default.mysql5.7"
  publicly_accessible = false
  db_subnet_group_name = "${aws_db_subnet_group.validsubnetgroup.id}"
  skip_final_snapshot = true
}

Terraform

aws_db_instance

References

Working with a DB instance in a VPC