Ensuring cloud security is the priority for most of the organizations. Organizations want their cloud infrastructure to attain maximum security which will allow them to deploy their data, resources and focus on their business rather than getting worried about security threats. RDS is the relational database service provided by AWS and it is necessary to make sure that your AWS RDS instances are not publicly accessible.
Why AWS RDS instances should not be publicly accessible?
Each DB engine has its own unique and specific features. Users can control the accessibility and privacy of their AWS RDS instances configured in the VPC. It is recommended that RDS instance should not be publicly accessible to other services and resources in AWS. Public RDS instance means that other AWS users can access your database instance which can lead to misuse of the data. There may be a situation where you might be unaware of any public RDS database instance which may contain any sensitive data and is not supposed to be shared with other users.
How can Centilytics assist you
Centilytics provides an insight which shows the status of all your AWS RDS databases which are exposed to a public interface so that user can take suitable action against them from the AWS console.
Insight descriptions:
There can be 2 possible scenarios:
| Severity | Description |
 OK |
This indication will be displayed when RDS instance does not have public interface i.e. this RDS DB instance is not publicly accessible to other networks and resources in your cloud. |
 CRITICAL |
This indication will be displayed when RDS instance has a public interface i.e. this RDS instance is publicly accessible to other networks and resources in your cloud. |
Description of further columns are as follows:
- Account Id: This column Shows the respective account ID of the user’s account.
- Account Name: This column shows the corresponding account name to the user’s account.
- Region: This column shows the region in which the corresponding RDS instance exists.
- Identifier: This column shows the unique ARN or Amazon Resource Name corresponding to the resource. ARN is defined as a unique file naming convention which is used to identify and differentiate between multiple resources across AWS.
- RDS Instance Identifier: This column shows the corresponding database instance name.
- DB Engine: This column shows the corresponding database engine attached to the RDS instance such as MySQL, Postgres, Aurora etc.
Filters applicable:
| Filter Name | Description |
| Account Id | Applying the account Id filter will display data for the selected account Id. |
| Region | Applying region filter will display data according to the selected region. |
| Severity | Applying severity filter will display data according to the selected severity type i.e. selecting critical will display all resources with critical severity. Same will be the case for warning and ok severity types |
| Resource Tags | Applying resource tags filter will display those resources which have been assigned the selected resource tag. For eg- If the user has tagged some resource by a tag named environment, then selecting an environment from the resource tags filter will display all |
| Resource Tags Value | Applying resource tags value filter will display data which will have the selected resource tag value. For eg- If the user has tagged some resource by a tag named environment and has given it a value say production (environment: production), then the user will be able to view data of all the resources which are tagged as “environment:production”. can use the tag value filter only when a tag name has been provided. |
Compliances covered:
| Compliance Name | Reference No. | Link |
| PCI | 1.3.4,1.3.5,1.3.7 | https://docs.aws.amazon.com/quickstart/ latest/compliance-pci/welcome.html |
| HIPAA | 164.312(e)(1),164.312(c)(1) | https://aws.amazon.com/quickstart/ architecture/compliance-hipaa/ |
| ISO 27001 | A.14.1.2, A.9.1.2, A.13.1.3,A.13.2.1 | https://www.iso.org/standard/54534.html
|
Read more:
[1] https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html
[2] https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html
