RDS database instance is configured to use a non-default port



Confirm Amazon RDS database instances are not using default ports. This includes default ports such as MySQL/Aurora port 3306, SQL Server port 1433, and PostgreSQL port 5432.


Using a custom port can protect against potential brute-force and dictionary attacks.


From the console

Follow the Modifying an Amazon RDS DB instance docs to verify you’re not using a default. You can modify your port by modifying that DB instance settings.

From the command line

  1. Run create-db-snapshot with your database instance and snapshot identifiers to create a snapshot.


        aws rds create-db-snapshot \
            --db-instance-identifier database-mysql \
            --db-snapshot-identifier snapshotidentifier
  2. Run modify-db-instance with a new, valid port number. A list of port numbers are available.


        aws rds modify-db-instance \
            --db-instance-identifier database-identifier \
            --option-group-name test-group-name \
            --db-parameter-group-name test-sqlserver-name \