Ensure Rule: RDS database Security Group Restriction
This rule ensures RDS database does not have unrestricted security group attached.
| Rule | Ensure RDS database does not have unrestricted security group attached |
| Framework | CloudDefense.AI Security |
| Severity | ✔ Critical |
Description
The rule ensures that an AWS RDS (Relational Database Service) database does not have an unrestricted security group attached to it. An unrestricted security group allows all traffic, from any source, to access the database. This poses a significant security risk as it may result in unauthorized access or potential data breaches.
Troubleshooting
In case an unrestricted security group is found attached to the RDS database, follow the steps below for remediation.
Remediation Steps
Step 1: Identify the RDS Database
- 1.Log in to the AWS Management Console.
- 2.Navigate to the Amazon RDS service.
Step 2: Check Security Groups
- 1.Select the appropriate region from the top-right corner.
- 2.In the left sidebar, click on "Databases".
- 3.Select the target RDS database from the list.
Step 3: Review Security Groups
- 1.In the "Connectivity & security" tab of the RDS database details page, locate the "VPC Security Groups" section.
- 2.Review the security groups listed.
Step 4: Remove Unrestricted Security Group
- 1.If an unrestricted security group is found, note down the security group name.
- 2.Navigate to the Amazon EC2 service in the same region.
Step 5: Update Security Group rules
- 1.In the left sidebar, click on "Security Groups".
- 2.Search for the security group name noted earlier.
- 3.Select the security group in question.
If Inbound rule needs modification:
- 1.In the "Inbound Rules" tab, review the inbound rules.
- 2.Identify the rule(s) that allow unrestricted access (0.0.0.0/0) and note them down.
- 3.Click on "Edit inbound rules".
- 4.Remove the unrestricted rules.
- 5.Add specific rules for the required inbound access.
- 6.Click "Save rules" to apply the changes.
If Outbound rule needs modification:
- 1.In the "Outbound Rules" tab, review the outbound rules.
- 2.Identify the rule(s) that allow unrestricted access (0.0.0.0/0) and note them down.
- 3.Click on "Edit outbound rules".
- 4.Remove the unrestricted rules.
- 5.Add specific rules for the required outbound access.
- 6.Click "Save rules" to apply the changes.
Code
No specific code is required for this rule, as the remediation steps involve modifying security group rules through the AWS Management Console.
It is recommended to automate these steps using AWS CLI or SDKs for large-scale environments or as part of a continuous security monitoring process.