Ensure RDS database instances are not accessible via Internet (Network and API)

Security & Compliance

In order to improve the security posture of AWS infrastructure, it is recommended to restrict access to the RDS database instances to the private network and not allow access from the Internet. This is important as exposing RDS instances to the Internet could result in unauthorized access and data breaches.


To ensure that RDS database instances are not accessible via the Internet, you can follow these remediation steps:

  1. Open the Amazon RDS console.
  2. Select the RDS database instance that you want to modify.
  3. Choose the "Modify" button.
  4. Scroll down to the "Network & Security" section.
  5. Select the "Additional connectivity configuration" option.
  6. Under the "Publicly accessible" setting, choose "No".
  7. If you need to access the database instance from specific IP addresses or security groups, you can add them to the "VPC security group" or "IP address whitelist" settings.
  8. Choose "Continue" to review the changes, and then "Modify DB instance" to save the changes.

By following these steps, you can ensure that your RDS database instances are not accessible via the Internet, which helps to reduce the risk of unauthorized access and potential security breaches.

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.