Publicly accessible database are exposed to remote attacks

• GG_ID: GG_IAC_0004
• Severity: HIGH
• Complexity: HIGH
• Categories: NETWORK
• Providers: AWS
• Potential data exposure: True
• Visible in logs: False
• User interaction required: False
• Privileges required: False

Description

Publicly accessible AWS RDS instances are exposed to the whole web, and thus subject to a range of remote attacks."

Impact

Having public access means anyone can try and connect to the database.

• If credentials are required to establish a connection, it still leaves open the possibility to bruteforce the credentials, or perform Denial of Service attacks.

• If no credentials are required, or credentials have been acquired by an attacker, then the asset is fully compromised.

Remediation guidelines

Integrate the database in a Virtual Private Cloud (VPC), and configure the VPC according to the principle of least privileges.

External documentation

• Working with a DB instance in a VPC
• AWS Security groups configuration