RDS has been defined with public interface

ID: aws_rds_public_accessible

Severity: high

Vendor: AWS

Resource: Network

Tags: reachable

Description

The RDS instance has been defined with a public interface. If the RDS instance is publicly accessible, the risk of data loss is higher.

To fix it, set publicly_accessible to false, which is the default value.

Learn more about this topic at AWS RDS public access.

Examples

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: create aurora instance
      amazon.aws.rds_instance:
        engine: aurora
        db_instance_identifier: ansible-test-aurora-db-instance
        publicly_accessible: true
        instance_type: db.t2.small
        password: "{{ password }}"
        username: "{{ username }}"
        cluster_id: ansible-test-cluster

Mitigation / Fix

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: create aurora instance
      amazon.aws.rds_instance:
        engine: aurora
        db_instance_identifier: ansible-test-aurora-db-instance
        instance_type: db.t2.small
        password: "{{ password }}"
        username: "{{ username }}"
        cluster_id: ansible-test-cluster
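As an added example, not part of this rule page or of the scanner it documents, the check below implements the rule statically: it walks an already-parsed playbook (the structure yaml.safe_load returns) and reports every rds_instance task whose publicly_accessible parameter is a literal true value. The module name aliases and the Ansible truthy strings are assumptions; Jinja templates are not resolved and are treated as not-true.

```python
# Added example: a minimal static detector for the aws_rds_public_accessible rule.
# It walks an already-parsed playbook (the list yaml.safe_load returns) and
# reports every rds_instance task that sets publicly_accessible to true.
# Assumptions: the module name aliases below; Jinja templates are not resolved.

RDS_INSTANCE_MODULES = {"amazon.aws.rds_instance", "community.aws.rds_instance", "rds_instance"}
# Strings Ansible's boolean conversion treats as true (case-insensitive).
TRUTHY = {"true", "yes", "on", "1", "y", "t"}


def is_truthy(value):
    """True for a literal Ansible-true value; templates like "{{ x }}" give False."""
    if isinstance(value, bool):
        return value
    return isinstance(value, str) and value.strip().lower() in TRUTHY


def _iter_tasks(tasks):
    """Yield leaf task dicts, descending into block/rescue/always sections."""
    for task in tasks or []:
        if not isinstance(task, dict):
            continue
        nested = [s for s in ("block", "rescue", "always") if s in task]
        for s in nested:
            yield from _iter_tasks(task[s])
        if not nested:
            yield task


def find_public_rds(plays):
    """Return names of tasks that would create a publicly accessible RDS instance."""
    findings = []
    for play in plays:
        for section in ("pre_tasks", "tasks", "post_tasks", "handlers"):
            for task in _iter_tasks(play.get(section)):
                for module in task.keys() & RDS_INSTANCE_MODULES:
                    args = task[module]
                    if isinstance(args, dict) and is_truthy(args.get("publicly_accessible")):
                        findings.append(task.get("name", "<unnamed task>"))
    return findings


# Constructed sample: parsed form of the offending playbook above, plus a compliant task and a legacy-module task inside a block.
SAMPLE_PLAYS = [{"name": "Example playbook", "hosts": "localhost", "tasks": [
    {"name": "create aurora instance",
     "amazon.aws.rds_instance": {"engine": "aurora", "publicly_accessible": True}},
    {"name": "create private instance", "amazon.aws.rds_instance": {"engine": "aurora"}},
    {"block": [{"name": "legacy module, string flag",
                "rds_instance": {"engine": "mysql", "publicly_accessible": "yes"}}]},
]}]
```

Running find_public_rds(SAMPLE_PLAYS) reports the first and the nested legacy task; the task that omits the parameter is left alone because the page states false is the default.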