Plugin Title | RDS Publicly Accessible |
Cloud | AWS |
Category | RDS |
Description | Ensures RDS instances are not launched into the public cloud |
More Info | Unless there is a specific business requirement, RDS instances should not have a public endpoint and should be accessed from within a VPC only. |
AWS Link | http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html |
Recommended Action | Remove the public endpoint from the RDS instance |
1. Log into the AWS Management Console.
2. Select the "Services" option and search for RDS.
3. Scroll down the left navigation panel and choose "Databases".
4. Select the "Database" that needs to be verified and click on the selected "Database" from the "DB identifier" column to access the database.
5. Click on "Connectivity & Security" on the selected database's configuration page.
6. Scroll down the "Connectivity & Security" tab and check the "Security" section. Check "Public Accessibility"; if it is "Yes", the selected database can be launched into the public cloud.
7. Repeat steps 2 - 6 to check other RDS instances.
8. Select the "Database" on which "Public Accessibility" needs to be disabled. Click the "Modify" button at the top to make the necessary changes.
9. Scroll down the "Modify DB Instance" page and check for "Public Accessibility" under "Network & Security".
10. In the "Public Accessibility" section under "Network & Security", click on the "No" button.
11. Scroll down the "Modify DB Instance" page and click on the "Continue" button.
12. Under "Scheduling of modifications", choose "Apply immediately" so that the above changes are applied as soon as possible, then click on the "Modify DB Instance" button.
13. Repeat steps 8 - 12 to remove the public endpoint from the RDS instances.
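
The same check and fix can be scripted across all instances in a region. The following is an added example, not part of the original page or the plugin's own code: it uses boto3's `describe_db_instances` paginator and `modify_db_instance`, while the sample response, the instance names, the helper functions and the `--apply` switch are constructed for illustration.

```python
import sys

# Constructed sample shaped like an RDS DescribeDBInstances response (not real data).
SAMPLE_PAGE = {"DBInstances": [
    {"DBInstanceIdentifier": "orders-db", "PubliclyAccessible": True,
     "DBInstanceStatus": "available"},
    {"DBInstanceIdentifier": "internal-db", "PubliclyAccessible": False,
     "DBInstanceStatus": "available"},
    {"DBInstanceIdentifier": "creating-db", "PubliclyAccessible": True,
     "DBInstanceStatus": "creating"},
]}


def find_public_instances(pages):
    """Return (identifier, status) for each instance with PubliclyAccessible set."""
    findings = []
    for page in pages:
        for db in page.get("DBInstances", []):
            if db.get("PubliclyAccessible"):
                findings.append((db["DBInstanceIdentifier"],
                                 db.get("DBInstanceStatus", "unknown")))
    return findings


def remediate(rds, findings, apply=False):
    """Turn off public accessibility; returns the identifiers selected for change.

    Choice made in this example: only instances reporting 'available' are touched.
    With apply=False nothing is modified (dry run).
    """
    selected = []
    for ident, status in findings:
        if status != "available":
            continue
        if apply:
            rds.modify_db_instance(DBInstanceIdentifier=ident,
                                   PubliclyAccessible=False,
                                   ApplyImmediately=True)
        selected.append(ident)
    return selected


if __name__ == "__main__":
    import boto3  # needs AWS credentials and a default region configured
    rds = boto3.client("rds")
    pages = rds.get_paginator("describe_db_instances").paginate()
    findings = find_public_instances(pages)
    for ident, status in findings:
        print(f"PUBLIC  {ident}  ({status})")
    fixed = remediate(rds, findings, apply="--apply" in sys.argv)
    print("selected for change:", fixed)
```

Run without `--apply` first to review the list; `ApplyImmediately=True` corresponds to the "Apply immediately" choice in step 12.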