Publicly accessible database are exposed to remote attacks

Severity	Exploitability	Providers	Categories
HIGH	LOW	AWS	NETWORK

Description

Publicly accessible AWS RDS instances are exposed to the whole web, and thus subject to a range of remote attacks."

Impact

Potential data exposure	Visible in logs	User interaction required	Privileges required
True	False	False	False

Having public access means anyone can try and connect to the database.

• If credentials are required to establish a connection, it still leaves open the possibility to bruteforce the credentials, or perform Denial of Service attacks.

• If no credentials are required, or credentials have been acquired by an attacker, then the asset is fully compromised.

Remediation guidelines

Integrate the database in a Virtual Private Cloud (VPC), and configure the VPC according to the principle of least privileges.

References

• Working with a DB instance in a VPC
• AWS Security groups configuration