Publicly accessible RDS database stores sensitive data

Description

A publicly accessible database containing sensitive data increases the likelihood that a brute force attack succeeds in gaining access, which an attacker can then use for unauthorized data access or destruction of sensitive information. Sensitive data could include personally identifiable information (PII), credentials, financial information, and network or device information. For more details on how sensitive data is detected, see the official documentation.

Remediation

  1. Modify the database instance to disable public accessibility. Review Hiding a DB instance in a VPC from the internet for more information on how to disable public accessibility.
  2. Confirm that the database instance is only accessible from trusted sources. See Controlling access with security groups for more information on how to configure security groups.
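
To verify both remediation steps after the change, the following added example (not part of the original page or of any vendor tooling) audits the JSON returned by `aws rds describe-db-instances` and `aws ec2 describe-security-groups`. The instance names, group IDs and sample records are constructed, and treating only `0.0.0.0/0` and `::/0` as untrusted sources is an assumption.

```python
# Constructed sample data, shaped like the output of
# `aws rds describe-db-instances` and `aws ec2 describe-security-groups`.
DB_INSTANCES = [
    {"DBInstanceIdentifier": "example-orders-db", "PubliclyAccessible": True,
     "Endpoint": {"Port": 5432}, "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0example1"}]},
    {"DBInstanceIdentifier": "example-internal-db", "PubliclyAccessible": False,
     "Endpoint": {"Port": 3306}, "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0example2"}]},
]
SECURITY_GROUPS = [
    {"GroupId": "sg-0example1", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0example2", "IpPermissions": [
        {"IpProtocol": "-1",  # all protocols and ports
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}  # assumption: only "any address" is flagged

def rule_covers_port(rule, port):
    """True if an ingress rule applies to the database port."""
    if rule.get("IpProtocol") == "-1":
        return True
    if rule.get("IpProtocol") != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def open_sources(rule):
    """Return the rule's source ranges that admit the whole internet."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in OPEN_CIDRS]

def audit(db_instances, security_groups):
    """Return (instance id, finding) pairs covering both remediation steps."""
    groups = {g["GroupId"]: g for g in security_groups}
    findings = []
    for db in db_instances:
        name, port = db["DBInstanceIdentifier"], db["Endpoint"]["Port"]
        if db.get("PubliclyAccessible"):
            findings.append((name, "PubliclyAccessible is true"))
        for ref in db.get("VpcSecurityGroups", []):
            sg_id = ref["VpcSecurityGroupId"]
            for rule in groups.get(sg_id, {}).get("IpPermissions", []):
                if rule_covers_port(rule, port):
                    for cidr in open_sources(rule):
                        findings.append((name, f"{sg_id} allows {cidr} on port {port}"))
    return findings
```

An instance flagged for `PubliclyAccessible` can be changed with `aws rds modify-db-instance --db-instance-identifier <id> --no-publicly-accessible`; an empty result from `audit` means neither step has outstanding findings under the stated assumption.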