RDS using default port

ID: aws_rds_default_port
Severity: info
Vendor: AWS
Resource: Network
Tags: reachable

Description

The RDS instance listens on its engine's default port. For Aurora, MariaDB and MySQL the default port is 3306; for PostgreSQL it is 5432, for Oracle 1521 and for SQL Server 1433. An attacker can easily guess the port.

To fix it, configure the instance with a port other than the engine's default.

Learn more about this topic at AWS RDS Settings.

Examples

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: RDS
      amazon.aws.rds_instance:
        engine: aurora
        db_instance_identifier: ansible-test-aurora-db-instance
        instance_type: db.t2.small
        password: "{{ password }}"
        username: "{{ username }}"
        cluster_id: ansible-test-cluster
        auto_minor_version_upgrade: false

Mitigation / Fix

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: RDS
      amazon.aws.rds_instance:
        engine: aurora
        db_instance_identifier: ansible-test-aurora-db-instance
        instance_type: db.t2.small
        password: "{{ password }}"
        username: "{{ username }}"
        cluster_id: ansible-test-cluster
        auto_minor_version_upgrade: true
        port: 3310
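
The check this rule describes, written out as an added example (it is not the scanner's own code). It goes beyond the Aurora case on this page by covering the other engines the description lists. Assumptions: the engine prefixes such as `oracle` and `sqlserver`, the short module name `rds_instance`, and all function names are introduced here for illustration, and the playbooks are passed in already parsed.

```python
# Added example, not the scanner's own code. Default ports are the ones the rule
# description lists; matching engines by prefix is an assumption of this sketch.
DEFAULT_PORTS = [  # first matching prefix wins
    ("aurora-postgresql", 5432), ("postgres", 5432),
    ("aurora", 3306), ("mariadb", 3306), ("mysql", 3306),
    ("oracle", 1521), ("sqlserver", 1433),
]
RDS_MODULES = ("amazon.aws.rds_instance", "rds_instance")


def default_port(engine):
    """Map an engine name such as 'oracle-ee' to its default port, or None."""
    engine = str(engine).lower()
    return next((p for prefix, p in DEFAULT_PORTS if engine.startswith(prefix)), None)


def check_task(task):
    """Return 'default', 'custom' or 'unknown'; None if the task is not an RDS task."""
    args = next((task[m] for m in RDS_MODULES if isinstance(task.get(m), dict)), None)
    if args is None:
        return None
    port = args.get("port")
    if port is None:
        return "default"  # port omitted: the instance is created on the engine default
    expected = default_port(args.get("engine", ""))
    try:
        port = int(port)
    except (TypeError, ValueError):
        return "unknown"  # templated value such as "{{ db_port }}", resolved at run time
    if expected is None:
        return "unknown"  # engine not in the table above
    return "default" if port == expected else "custom"


def scan(playbook):
    """Return [(task name, verdict)] for every RDS task in a parsed playbook."""
    return [(t.get("name", "<unnamed>"), v)
            for play in playbook for t in play.get("tasks", [])
            if (v := check_task(t)) is not None]


# Constructed input: the page's two playbooks as a YAML loader returns them (trimmed).
BEFORE = [{"hosts": "localhost", "tasks": [{"name": "RDS", "amazon.aws.rds_instance": {
    "engine": "aurora", "db_instance_identifier": "ansible-test-aurora-db-instance"}}]}]
AFTER = [{"hosts": "localhost", "tasks": [{"name": "RDS", "amazon.aws.rds_instance": {
    "engine": "aurora", "db_instance_identifier": "ansible-test-aurora-db-instance",
    "port": 3310}}]}]

if __name__ == "__main__":
    print(scan(BEFORE), scan(AFTER))
```

A templated port is reported as `unknown` rather than passed, so it can be reviewed once the variable's value is known.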