
Rule: RDS DB Instances Should Prohibit Public Access

This rule ensures that RDS DB instances do not allow public access to enhance security measures.

Rule: RDS DB instances should prohibit public access
Framework: SOC 2
Severity: High

RDS DB instance Public Access Prohibition for SOC 2

Description:

RDS (Relational Database Service) DB instances that store sensitive data should prohibit public access to comply with SOC 2 (Service Organization Controls 2) standards. Public access exposes the database to potential security risks, unauthorized access, and data breaches. Restricting public access helps maintain the confidentiality, integrity, and availability of data stored in the RDS DB instances.

Troubleshooting Steps:

If public access is mistakenly enabled for an RDS DB instance, follow the steps below to remediate the issue:

  1. Log in to the AWS Management Console.
  2. Navigate to the RDS service.
  3. Select the specific DB instance.
  4. Go to the "Connectivity & security" tab.
  5. Under the "Security" section, click the link for the associated security group (e.g., default).
  6. In the security group settings, find the inbound rules configured for the DB instance.
  7. Identify the rule(s) that allow access from any IP address (0.0.0.0/0).
  8. Remove the rule(s) that allow public access by selecting them and clicking the "Delete" or "Remove" button.
  9. Click "Save" to apply the changes.

Necessary Codes:

There are no specific codes required for this rule, as it involves modifying the security group settings through the AWS Management Console. However, if you prefer to use the AWS Command Line Interface (CLI), the following command turns off the instance's public accessibility (the CLI expresses this boolean as --no-publicly-accessible rather than as a value; without --apply-immediately the change takes effect during the next maintenance window):

aws rds modify-db-instance \
    --db-instance-identifier <instance-identifier> \
    --no-publicly-accessible

Step-by-Step Guide for Remediation:

  1. Open a web browser and go to the AWS Management Console.
  2. Sign in to your AWS account.
  3. Navigate to the RDS service by clicking on the "Services" dropdown and selecting "RDS" under the "Database" section.
  4. In the RDS dashboard, click on the DB instance that needs to have public access prohibited.
  5. On the DB instance details page, click on the "Connectivity & security" tab.
  6. Under the "Security" section, you will find a link to the associated security group (e.g., default). Click on it.
  7. The security group settings page will open, displaying the inbound and outbound rules.
  8. Look for the inbound rule(s) that allow access from any IP address (0.0.0.0/0).
  9. Select the rule(s) that allow public access and click the "Delete" or "Remove" button to remove the rule(s).
  10. Review the changes and click "Save" to apply the modified security group settings.
  11. Wait for a few moments until the changes are applied to the RDS DB instance.

By following these steps, public access will be prohibited for the RDS DB instance, aligning with the SOC 2 standard requirements.
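The rule and the remediation steps above check two things: the instance's PubliclyAccessible setting, and inbound security group rules that open the database port to any address. The following script is an added example, not Cloud Defense's own checker, that evaluates both conditions offline and emits the CLI commands that would undo each finding. The record layouts mirror the fields returned by the AWS describe-db-instances and describe-security-groups APIs, but the instance names, security group IDs (sg-0aa, sg-0bb, sg-0cc) and rules are constructed for the example. It goes slightly beyond the page by also treating the IPv6 any-source range (::/0) and "All traffic" (protocol -1) rules as public, and by ignoring world-open rules that do not reach the DB port.

```python
"""Offline audit for "RDS DB instances should prohibit public access".

Added example; not part of the rule page or the vendor's product.
"""
import json
from typing import Dict, List

ANY_SOURCE = ("0.0.0.0/0", "::/0")   # IPv4 and IPv6 "anywhere"


def rule_covers_port(rule: dict, port: int) -> bool:
    """True if an IpPermissions entry applies to `port` ("-1" means all traffic)."""
    if rule.get("IpProtocol") == "-1":
        return True
    lo, hi = rule.get("FromPort"), rule.get("ToPort")
    return lo is not None and hi is not None and lo <= port <= hi


def world_open_ranges(rule: dict):
    """(cidr, single-range permission) pairs for every any-source range in `rule`.

    The permission copies the rule's protocol and port range so that a
    revoke-security-group-ingress call matches the existing rule exactly.
    """
    base = {k: rule[k] for k in ("IpProtocol", "FromPort", "ToPort") if k in rule}
    hits = []
    for r in rule.get("IpRanges", []):
        if r.get("CidrIp") in ANY_SOURCE:
            hits.append((r["CidrIp"], {**base, "IpRanges": [{"CidrIp": r["CidrIp"]}]}))
    for r in rule.get("Ipv6Ranges", []):
        if r.get("CidrIpv6") in ANY_SOURCE:
            hits.append((r["CidrIpv6"], {**base, "Ipv6Ranges": [{"CidrIpv6": r["CidrIpv6"]}]}))
    return hits


def audit_instance(instance: dict, groups_by_id: Dict[str, dict]) -> List[dict]:
    """Findings for one DB instance; an empty list means compliant with the rule."""
    name, port = instance["DBInstanceIdentifier"], instance["Endpoint"]["Port"]
    findings = []
    if instance.get("PubliclyAccessible"):
        findings.append({"instance": name, "kind": "public_flag"})
    for membership in instance.get("VpcSecurityGroups", []):
        sg_id = membership["VpcSecurityGroupId"]
        for rule in groups_by_id.get(sg_id, {}).get("IpPermissions", []):
            if not rule_covers_port(rule, port):
                continue   # world-open on some other port; not this rule's concern
            for cidr, perm in world_open_ranges(rule):
                findings.append({"instance": name, "kind": "open_sg",
                                 "sg": sg_id, "cidr": cidr, "permission": perm})
    return findings


def audit_all(instances: List[dict], groups_by_id: Dict[str, dict]) -> List[dict]:
    return [f for inst in instances for f in audit_instance(inst, groups_by_id)]


def remediation_commands(findings: List[dict]) -> List[str]:
    """AWS CLI commands that undo each finding (no --apply-immediately: maintenance window)."""
    cmds = []
    for f in findings:
        if f["kind"] == "public_flag":
            cmds.append(f"aws rds modify-db-instance --db-instance-identifier {f['instance']} "
                        "--no-publicly-accessible")
        else:
            cmds.append(f"aws ec2 revoke-security-group-ingress --group-id {f['sg']} "
                        f"--ip-permissions '{json.dumps([f['permission']])}'")
    return cmds


# Constructed sample records (hypothetical names and IDs, not real resources).
SAMPLE_GROUPS = {
    "sg-0aa": {"GroupId": "sg-0aa", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}, {"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    "sg-0bb": {"GroupId": "sg-0bb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
    "sg-0cc": {"GroupId": "sg-0cc", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},      # "All traffic"
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},                         # not the DB port
}
SAMPLE_INSTANCES = [
    {"DBInstanceIdentifier": "orders-db", "PubliclyAccessible": True,
     "Endpoint": {"Port": 3306}, "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0aa"}]},
    {"DBInstanceIdentifier": "reports-db", "PubliclyAccessible": False,
     "Endpoint": {"Port": 5432}, "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0bb"}]},
    {"DBInstanceIdentifier": "legacy-db", "PubliclyAccessible": False,
     "Endpoint": {"Port": 1433}, "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0cc"}]},
]

if __name__ == "__main__":
    for cmd in remediation_commands(audit_all(SAMPLE_INSTANCES, SAMPLE_GROUPS)):
        print(cmd)
```

Run as-is, the script reports orders-db three times (the public flag plus the 0.0.0.0/0 and ::/0 ranges on sg-0aa), legacy-db once for the "All traffic" rule on sg-0cc, and nothing for reports-db. To audit a real account, feed it the DBInstances and SecurityGroups lists from the two describe calls instead of the constructed samples; the revoke commands are printed rather than executed so they can be reviewed first.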
