Unrestricted access between network segments - RDS | Fluid Attacks Database

Database

Description

Some RDS Cluster or Instances are not defined inside a Database Subnet Group.

Impact

Access to RDS services in a insecure way from the Internet.

Recommendation

Ensure that all RDS instances belong to a Database Subnet Group.

Threat

Authenticated attacker from the Internet.

Expected Remediation Time

⏱️ 90 minutes.

Requirements

255 - Allow access only to the necessary ports

Rules

Aws Unrestricted Cluster Security Groups Aws Cluster Not In Subnet Group Aws Instance Not In Subnet Group Aws Unrestricted Security Groups Json Yaml Missing Db Subnet Group Name Terraform Missing Db Subnet Group

Fixes

Aws Cloudformation