Severity Framework
CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Snyk CCSS
Rule category
Each rule is associated with a high-level category. For example IAM, Container, Monitoring, Logging, Network, etc.
Data/ Access Control
Is your environment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsFrameworks
CIS-AWSCIS-ControlsCSA-CCMISO-27001SOC-2
- Snyk IDSNYK-CC-00001
- creditSnyk Research Team
Description
Publicly accessible RDS database instances allow any AWS user or anonymous user access to the data in the database.
How to fix?
Set the publicly_accessible attribute to false.
Example Configuration
resource "aws_db_instance" "default" {
allocated_storage = 20
storage_type = "standard"
engine = "mysql"
engine_version = "5.7"
instance_class = "db.t2.micro"
name = "mydbvalid"
username = "validpublic"
password = "SecretPassw0rd"
parameter_group_name = "default.mysql5.7"
publicly_accessible = false
db_subnet_group_name = "${aws_db_subnet_group.validsubnetgroup.id}"
skip_final_snapshot = true
}