RDS DB Instance Publicly Accessible
- Query id: 647de8aa-5a42-41b5-9faf-22136f117380
- Query name: RDS DB Instance Publicly Accessible
- Platform: Pulumi
- Severity: Medium
- Category: Insecure Configurations
- CWE: 284
- URL: GitHub
Description
An RDS instance must not expose a public network interface: the `publiclyAccessible` property of the `aws:rds:Instance` resource must be set to `false`. Leaving the property out is also compliant, because the provider default is `false`; only an explicit `publiclyAccessible: true` assigns the instance a public IP address and makes it reachable from outside the VPC.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
name: aws-rds
runtime: yaml
description: An RDS Instance
resources:
  default:
    type: aws:rds:Instance
    properties:
      allocatedStorage: 10
      dbName: mydb
      engine: mysql
      engineVersion: '5.7'
      instanceClass: db.t3.micro
      parameterGroupName: default.mysql5.7
      password: foobarbaz
      skipFinalSnapshot: true
      username: foo
      publiclyAccessible: true
```
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
```yaml
name: aws-rds
runtime: yaml
description: An RDS cluster
resources:
  default:
    type: aws:rds:Instance
    properties:
      allocatedStorage: 10
      dbName: mydb
      engine: mysql
      engineVersion: '5.7'
      instanceClass: db.t3.micro
      parameterGroupName: default.mysql5.7
      password: foobarbaz
      skipFinalSnapshot: true
      username: foo
```
Negative test num. 2 - yaml file
```yaml
name: aws-rds
runtime: yaml
description: An RDS Instance
resources:
  default:
    type: aws:rds:Instance
    properties:
      allocatedStorage: 10
      dbName: mydb
      engine: mysql
      engineVersion: '5.7'
      instanceClass: db.t3.micro
      parameterGroupName: default.mysql5.7
      password: foobarbaz
      skipFinalSnapshot: true
      username: foo
      publiclyAccessible: false
```
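The following is an added example, not KICS's own query implementation (KICS queries are written in Rego) and not code from the page. It shows the rule above as a small pre-commit check in Python: a minimal parser for the block-style YAML subset that Pulumi YAML programs use (nested mappings with scalar leaves, no sequences or anchors, which is all the three samples need), and a checker that flags every `aws:rds:Instance` whose `publiclyAccessible` is explicitly `true`, while treating an omitted property as compliant exactly as negative test 1 does. The three embedded programs are constructed copies of the page's samples; the function and constant names are this example's own.

```python
"""Flag Pulumi YAML aws:rds:Instance resources that are publicly accessible (added example)."""
from typing import Any, Dict, List

# Constructed sample inputs mirroring the page's positive and negative tests.
POSITIVE_YAML = """\
name: aws-rds
runtime: yaml
resources:
  default:
    type: aws:rds:Instance
    properties:
      engine: mysql
      engineVersion: '5.7'
      instanceClass: db.t3.micro
      skipFinalSnapshot: true
      publiclyAccessible: true
"""

NEGATIVE_OMITTED_YAML = """\
name: aws-rds
runtime: yaml
resources:
  default:
    type: aws:rds:Instance
    properties:
      engine: mysql
      instanceClass: db.t3.micro
"""

NEGATIVE_FALSE_YAML = """\
name: aws-rds
runtime: yaml
resources:
  default:
    type: aws:rds:Instance
    properties:
      engine: mysql
      instanceClass: db.t3.micro
      publiclyAccessible: false
"""


def _scalar(raw: str) -> Any:
    """Convert a YAML scalar from the Pulumi subset: quoted strings, booleans, ints, bare words."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == raw[-1] and raw[0] in "'\"":
        return raw[1:-1]          # '5.7' stays the string "5.7", as YAML intends
    low = raw.lower()
    if low in ("true", "yes", "on"):
        return True
    if low in ("false", "no", "off"):
        return False
    try:
        return int(raw)
    except ValueError:
        return raw


def parse_simple_yaml(text: str) -> Dict[str, Any]:
    """Parse indentation-based YAML mappings with scalar leaves (no lists, anchors or flow style)."""
    root: Dict[str, Any] = {}
    stack = [(-1, root)]          # (indent of the key that opened this mapping, the mapping)
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip(" "))
        key, _, value = line.strip().partition(":")   # first ':' splits key from value,
        while indent <= stack[-1][0]:                  # so 'aws:rds:Instance' survives intact
            stack.pop()
        parent = stack[-1][1]
        if value.strip() == "":                        # 'key:' with nothing after opens a nested map
            child: Dict[str, Any] = {}
            parent[key.strip()] = child
            stack.append((indent, child))
        else:
            parent[key.strip()] = _scalar(value)
    return root


def find_public_rds(program: Dict[str, Any]) -> List[str]:
    """Return names of aws:rds:Instance resources with publiclyAccessible explicitly true.

    An omitted property is compliant: the provider default is false, so only an
    explicit true assigns a public IP and is reported (matches negative test 1).
    """
    findings: List[str] = []
    for name, res in program.get("resources", {}).items():
        if not isinstance(res, dict) or res.get("type") != "aws:rds:Instance":
            continue
        props = res.get("properties") or {}
        if props.get("publiclyAccessible", False) is True:
            findings.append(name)
    return findings


def check_program(text: str) -> List[str]:
    """Parse a Pulumi YAML program and return the offending resource names."""
    return find_public_rds(parse_simple_yaml(text))


if __name__ == "__main__":
    for label, doc in (("positive", POSITIVE_YAML), ("omitted", NEGATIVE_OMITTED_YAML),
                       ("explicit false", NEGATIVE_FALSE_YAML)):
        print(f"{label}: {check_program(doc) or 'no findings'}")
```

Comparing with `is True` rather than truthiness matters here: the parser turns the YAML booleans into Python `bool`, so a misspelled value such as `publiclyAccessible: "true"` (a string) is not silently promoted to a finding, and a reviewer can extend `_scalar` if stricter handling is wanted.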