Severity Framework: Snyk CCSS
Rule category: Data / Access Control
Frameworks
CIS-AWS
CIS-Controls
CSA-CCM
ISO-27001
SOC-2
- Snyk ID SNYK-CC-00001
- credit Snyk Research Team
Description
Publicly accessible RDS database instances allow any AWS user or anonymous user access to the data in the database.
How to fix?
Set the publicly_accessible attribute to false.
Example Configuration
resource "aws_db_instance" "default" {
  allocated_storage    = 20
  storage_type         = "standard"
  engine               = "mysql"
  engine_version       = "5.7"
  instance_class       = "db.t2.micro"
  name                 = "mydbvalid"
  username             = "validpublic"
  # Placeholder only; supply the real password from a variable or secrets manager.
  password             = "SecretPassw0rd"
  parameter_group_name = "default.mysql5.7"
  # The fix: the instance is not given a public IP address.
  publicly_accessible  = false
  db_subnet_group_name = "${aws_db_subnet_group.validsubnetgroup.id}"
  skip_final_snapshot  = true
}
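
One way to catch this setting before it is applied, as an added example (not Snyk's own code): the Python check below reads the JSON form of a Terraform plan, as produced by terraform show -json, and reports RDS resources whose planned publicly_accessible value is true. The sample plan is constructed, and covering aws_rds_cluster_instance goes beyond the aws_db_instance resource shown on this page.

```python
import json

# Resource types whose publicly_accessible argument is checked.
# aws_rds_cluster_instance is an extension beyond the page's aws_db_instance example.
RDS_TYPES = {"aws_db_instance", "aws_rds_cluster_instance"}


def find_public_rds(plan):
    """Return addresses of RDS resources the plan would leave publicly accessible."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") not in RDS_TYPES:
            continue
        change = rc.get("change") or {}
        after = change.get("after")
        if after is None:  # resource is being destroyed; nothing left to expose
            continue
        if after.get("publicly_accessible") is True:
            findings.append(rc.get("address", "<unknown>"))
    return sorted(findings)


# Constructed sample plan, trimmed to the fields the check reads.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "aws_db_instance.default", "type": "aws_db_instance",
     "change": {"actions": ["create"], "after": {"publicly_accessible": false}}},
    {"address": "aws_db_instance.reporting", "type": "aws_db_instance",
     "change": {"actions": ["update"], "after": {"publicly_accessible": true}}},
    {"address": "aws_db_instance.legacy", "type": "aws_db_instance",
     "change": {"actions": ["delete"], "after": null}},
    {"address": "module.app.aws_rds_cluster_instance.node[0]",
     "type": "aws_rds_cluster_instance",
     "change": {"actions": ["create"], "after": {"publicly_accessible": true}}},
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "change": {"actions": ["create"], "after": {"bucket": "example-logs"}}}
  ]
}
""")

if __name__ == "__main__":
    exposed = find_public_rds(SAMPLE_PLAN)
    for address in exposed:
        print(f"FAIL {address}: publicly_accessible = true")
    raise SystemExit(1 if exposed else 0)
```

Run as a script, it exits non-zero when any finding is reported, so it can gate a pipeline step between plan and apply.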