AWS Config Rule: RDS Instance Public Access Check

RDS_INSTANCE_PUBLIC_ACCESS_CHECK

Fernando Honig

Last Update 9 months ago

Description: Checks whether Amazon Relational Database Service (RDS) instances are publicly accessible. The rule is non-compliant if the publiclyAccessible field is true in the instance configuration item.


Trigger type: Configuration changes


AWS Region: All supported AWS regions except the Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Europe (Spain) and Europe (Zurich) Regions


How to Resolve Manually

To resolve this manually, you will need to take a look at the Connectivity portion of your RDS Instance. When creating a new RDS Instance, you have the option to select Yes or No when configuring public access to this instance. By default, it is disabled.


If your instance is already created and you need to manually remove public access, you will need to modify the RDS Instance and toggle the public access option back to No.


You will then be able to review your changes and either Apply immediately, or Apply during the next scheduled maintenance window.
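The same check and change can be scripted. The following is an added example, not part of the original article and not StackZone's remediation code; the function names and the StubRDS class are hypothetical, and in real use you would pass boto3.client("rds") with permission to call DescribeDBInstances and ModifyDBInstance.

```python
# Added example: find RDS instances with PubliclyAccessible=true and turn it off.
# Function names and the stub client below are constructed for illustration;
# in real use pass boto3.client("rds") instead of StubRDS(...).

def find_public_instances(rds):
    """Return (identifier, status) for every publicly accessible DB instance."""
    public = []
    for page in rds.get_paginator("describe_db_instances").paginate():
        for db in page["DBInstances"]:
            # Same field the Config rule reads from the configuration item.
            if db.get("PubliclyAccessible"):
                public.append((db["DBInstanceIdentifier"], db["DBInstanceStatus"]))
    return public

def remove_public_access(rds, apply_immediately=True, dry_run=True):
    """Set PubliclyAccessible=False; apply_immediately=False waits for the
    next maintenance window. With dry_run=True nothing is modified."""
    result = {"changed": [], "skipped": []}
    for identifier, status in find_public_instances(rds):
        # Instances that are not "available" generally cannot be modified.
        if status != "available":
            result["skipped"].append(identifier)
            continue
        if not dry_run:
            rds.modify_db_instance(DBInstanceIdentifier=identifier,
                                   PubliclyAccessible=False,
                                   ApplyImmediately=apply_immediately)
        result["changed"].append(identifier)
    return result

class StubRDS:
    """Constructed stand-in for the boto3 RDS client so the example runs offline."""
    def __init__(self, instances):
        self.instances, self.calls = instances, []
    def get_paginator(self, name):
        return self  # the stub acts as its own paginator
    def paginate(self):
        return [{"DBInstances": self.instances}]
    def modify_db_instance(self, **kwargs):
        self.calls.append(kwargs)

if __name__ == "__main__":
    sample = [  # constructed sample data
        {"DBInstanceIdentifier": "db-public", "PubliclyAccessible": True, "DBInstanceStatus": "available"},
        {"DBInstanceIdentifier": "db-private", "PubliclyAccessible": False, "DBInstanceStatus": "available"},
        {"DBInstanceIdentifier": "db-busy", "PubliclyAccessible": True, "DBInstanceStatus": "modifying"},
    ]
    print(remove_public_access(StubRDS(sample), dry_run=True))
```

Run it with dry_run=True first to review which instances would change, then rerun with dry_run=False once the list is confirmed.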


How to Resolve with StackZone

You can resolve this with StackZone by enabling the remediation, which will automatically remove public access from your RDS Instance.


To enable this, head to Baseline Services -> Amazon RDS and toggle on RDS Public Access Disabled Remediation.

