Ensure RDS Database is not publicly accessible

Details

Amazon Relational Database Service (RDS) is a managed relational database service which handles routine database tasks such as provisioning, patching, backup, recovery, failure detection, and repair.

There are 6 database engines available for customers to run their database workloads on:

* Amazon Aurora (MySQL Compatible)

* MySQL

* MariaDB

* Oracle

* Microsoft SQL Server

* PostgreSQL

Customers can deploy RDS databases within a VPC through the configuration of:

* A DB subnet group for RDS; this group is used for the deployment of single-AZ or Multi-AZ RDS instances.

* Network access, through the configuration of security groups for RDS.

* Access from outside the VPC hosting the DB instance, by enabling or disabling a public IP address.

Network access to the managed data tier must be tightly controlled through security groups for RDS and by ensuring the DB instance is not reachable from outside its VPC.

Solution

Using the AWS unified command line interface (AWS CLI):

* Modify each publicly accessible DB instance, and make it private:

aws rds modify-db-instance --db-instance-identifier <db-instance-identifier> --no-publicly-accessible
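
The remediation above is applied per instance, so the instances that actually have the public flag set must first be identified from the `aws rds describe-db-instances` output. The following added example (not part of the original article or the AWS CLI) parses a constructed sample of that output, lists the publicly accessible instances, and builds the corresponding `modify-db-instance` commands; the instance names, security group IDs and endpoint are made up for illustration, and the optional `--apply-immediately` flag is a real AWS CLI flag that is not mentioned in the article.

```python
import json
import shlex

# Constructed sample shaped like `aws rds describe-db-instances` output.
# Identifiers, security groups and endpoints are invented for this example.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "DBInstances": [
        {"DBInstanceIdentifier": "orders-prod", "Engine": "postgres",
         "PubliclyAccessible": True, "DBInstanceStatus": "available",
         "Endpoint": {"Address": "orders-prod.example.invalid", "Port": 5432},
         "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0example1", "Status": "active"}]},
        {"DBInstanceIdentifier": "reports-internal", "Engine": "mysql",
         "PubliclyAccessible": False, "DBInstanceStatus": "available",
         "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0example2", "Status": "active"}]},
        {"DBInstanceIdentifier": "legacy-oracle", "Engine": "oracle-ee",
         "PubliclyAccessible": True, "DBInstanceStatus": "modifying",
         "VpcSecurityGroups": []},
    ]
})


def find_public_instances(describe_json: str) -> list:
    """Return the DB instance records whose PubliclyAccessible flag is true."""
    data = json.loads(describe_json)
    return [inst for inst in data.get("DBInstances", [])
            if inst.get("PubliclyAccessible") is True]


def remediation_commands(describe_json: str, apply_immediately: bool = False) -> list:
    """Build one `aws rds modify-db-instance` command per public instance.

    Instances that are not in the 'available' state are skipped: the API
    rejects a modification while another change is still in progress, so
    those instances should be re-checked once they settle.
    Without --apply-immediately the change is queued for the next
    maintenance window.
    """
    cmds = []
    for inst in find_public_instances(describe_json):
        if inst.get("DBInstanceStatus") != "available":
            continue
        cmd = ["aws", "rds", "modify-db-instance",
               "--db-instance-identifier", inst["DBInstanceIdentifier"],
               "--no-publicly-accessible"]
        if apply_immediately:
            cmd.append("--apply-immediately")
        cmds.append(shlex.join(cmd))
    return cmds


if __name__ == "__main__":
    for inst in find_public_instances(SAMPLE_DESCRIBE_OUTPUT):
        print("public:", inst["DBInstanceIdentifier"], inst.get("DBInstanceStatus"))
    for cmd in remediation_commands(SAMPLE_DESCRIBE_OUTPUT, apply_immediately=True):
        print(cmd)
```

Feed it the real output of `aws rds describe-db-instances --output json` to generate the commands for an account, and re-run it afterwards to confirm no instance still reports `PubliclyAccessible: true`.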

Supportive Information

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection. This control applies to the following type of system: amazon_aws.

Updated on July 16, 2022