RDS (Relational Database Service) is a managed database service offered by AWS that allows users to create, operate, and scale databases in the cloud. By default, RDS database instances are not publicly accessible. However, if not configured correctly, they can be accidentally exposed to the public internet, which can pose significant security risks. Ensuring that RDS database instances are not publicly accessible means that they are only accessible from within a specified VPC (Virtual Private Cloud), and their access is restricted through security groups and network ACLs. This helps protect against potential attacks from the public internet and ensures that sensitive data stored in RDS databases is adequately secured.


Here are the remediation steps to ensure that RDS database instances are not publicly accessible:

  1. Go to the Amazon RDS console.
  2. Select the RDS instance that you want to modify.
  3. Click on the "Modify" button.
  4. Scroll down to the "Network & Security" section.
  5. In the "Publicly Accessible" setting, select "No".
  6. Click on the "Continue" button.
  7. Review the changes and click on the "Modify DB Instance" button to apply the changes.
Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.