Amazon DMS Replication Instance Is Publicly Accessible
- Query id: 5864fb39-d719-4182-80e2-89dbe627be63
- Query name: Amazon DMS Replication Instance Is Publicly Accessible
- Platform: CloudFormation
- Severity: Critical
- Category: Access Control
- CWE: 284
- URL: Github
Description
The Amazon DMS replication instance is publicly accessible, which can expose sensitive information. To prevent this, set the attribute 'PubliclyAccessible' to false.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
Resources:
  ReplicationInstance:
    Type: "AWS::DMS::ReplicationInstance"
    Properties:
      ReplicationInstanceIdentifier: my-replication-instance
      ReplicationInstanceClass: dms.r5.large
      AllocatedStorage: 100
      EngineVersion: "3.4.3"
      PubliclyAccessible: true
```
Positive test num. 2 - yaml file
```yaml
Resources:
  ReplicationInstance:
    Type: "AWS::DMS::ReplicationInstance"
    Properties:
      # PubliclyAccessible is not defined in this sample
      ReplicationInstanceIdentifier: my-replication-instance
      ReplicationInstanceClass: dms.r5.large
      AllocatedStorage: 100
      EngineVersion: "3.4.3"
```
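
The same check as a small static scan, as an added example that is not part of the original page or the query's own implementation: it walks a CloudFormation template (already parsed from JSON or YAML into a dict) and reports each `AWS::DMS::ReplicationInstance` whose `PubliclyAccessible` is true, absent, or not statically decidable. The function names, the `ExposeDms` parameter and the sample template are constructed for illustration.

```python
import json

DMS_TYPE = "AWS::DMS::ReplicationInstance"

def resolve(value, parameters):
    """Replace {"Ref": "<param>"} with that parameter's Default, when it has one."""
    if isinstance(value, dict) and set(value) == {"Ref"}:
        return (parameters.get(value["Ref"]) or {}).get("Default", value)
    return value

def find_public_dms(template):
    """Return (logical_id, reason) for every DMS instance that is or may be public."""
    findings = []
    parameters = template.get("Parameters") or {}
    for logical_id, resource in (template.get("Resources") or {}).items():
        if not isinstance(resource, dict) or resource.get("Type") != DMS_TYPE:
            continue
        props = resource.get("Properties") or {}
        if "PubliclyAccessible" not in props:
            # Same case as the second positive test: the attribute is absent.
            findings.append((logical_id, "undefined"))
            continue
        value = resolve(props["PubliclyAccessible"], parameters)
        if isinstance(value, str):  # templates often carry booleans as strings
            value = {"true": True, "false": False}.get(value.strip().lower(), value)
        if value is True:
            findings.append((logical_id, "true"))
        elif value is not False:
            # Fn::If, Ref without a Default, etc.: cannot be decided statically.
            findings.append((logical_id, "unresolved"))
    return findings

# Constructed sample template (JSON form of CloudFormation), not from the page.
SAMPLE = json.loads("""
{
  "Parameters": {"ExposeDms": {"Type": "String", "Default": "true"}},
  "Resources": {
    "ExplicitPublic": {"Type": "AWS::DMS::ReplicationInstance", "Properties": {"PubliclyAccessible": true}},
    "Implicit": {"Type": "AWS::DMS::ReplicationInstance", "Properties": {"AllocatedStorage": 100}},
    "Private": {"Type": "AWS::DMS::ReplicationInstance", "Properties": {"PubliclyAccessible": false}},
    "ViaParam": {"Type": "AWS::DMS::ReplicationInstance", "Properties": {"PubliclyAccessible": {"Ref": "ExposeDms"}}},
    "Bucket": {"Type": "AWS::S3::Bucket"}
  }
}
""")

if __name__ == "__main__":
    for logical_id, reason in find_public_dms(SAMPLE):
        print(f"{logical_id}: PubliclyAccessible is {reason}")
```

Findings with the reason `unresolved` need manual review, since the value depends on a condition or a parameter supplied at deploy time.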