Plugin Title | RDS Publicly Accessible |
Cloud | AWS |
Category | RDS |
Description | Ensures RDS instances are not launched into the public cloud |
More Info | Unless there is a specific business requirement, RDS instances should not have a public endpoint and should be accessed from within a VPC only. |
AWS Link | http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html |
Recommended Action | Remove the public endpoint from the RDS instance |
1. Log in to the AWS Management Console.
2. Select the "Services" option and search for RDS.
3. Scroll down the left navigation panel and choose "Databases".
4. Select the database that needs to be verified and click its name in the "DB identifier" column to open it.
5. Click the "Connectivity & Security" tab on the selected database's configuration page.
6. Scroll down the "Connectivity & Security" tab and check the "Security" section. If "Public Accessibility" is "Yes", the selected database is launched into the public cloud.
7. Select the database on which "Public Accessibility" needs to be disabled. Click the "Modify" button at the top to make the necessary changes.
8. Scroll down the "Modify DB Instance" page and look for "Public Access" under "Additional configuration" of "Connectivity".
9. In the "Public Access" section under "Connectivity", select the "Not publicly accessible" option.
10. Scroll down the "Modify DB Instance" page and click the "Continue" button.
11. Under "Scheduling of modifications", choose "Apply immediately" so that the changes are made as soon as possible, and then click the "Modify DB Instance" button.
12. Repeat steps 7 - 11 to remove public access from all other RDS instances.
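
The same check and fix can be scripted across many instances. The following is an added example, not part of the original plugin documentation: it reads JSON shaped like the output of `aws rds describe-db-instances --output json`, reports every instance with `PubliclyAccessible` set, and builds the matching `aws rds modify-db-instance` command. The instance names, account ID and the `audit` function are constructed for illustration, and treating any status other than `available` as not ready to modify is an assumption of this example.

```python
import json
import shlex

# Constructed sample, shaped like `aws rds describe-db-instances --output json`.
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-prod", "DBInstanceStatus": "available",
   "PubliclyAccessible": true,
   "DBInstanceArn": "arn:aws:rds:us-east-1:111122223333:db:orders-prod"},
  {"DBInstanceIdentifier": "reports-internal", "DBInstanceStatus": "available",
   "PubliclyAccessible": false,
   "DBInstanceArn": "arn:aws:rds:us-east-1:111122223333:db:reports-internal"},
  {"DBInstanceIdentifier": "legacy-crm", "DBInstanceStatus": "backing-up",
   "PubliclyAccessible": true,
   "DBInstanceArn": "arn:aws:rds:eu-west-1:111122223333:db:legacy-crm"}
]}
""")


def audit(response):
    """Return one finding per instance whose PubliclyAccessible flag is set."""
    findings = []
    for db in response.get("DBInstances", []):
        if not db.get("PubliclyAccessible", False):
            continue  # private instance: passes the check
        db_id = db["DBInstanceIdentifier"]
        region = db["DBInstanceArn"].split(":")[3]  # arn:aws:rds:<region>:...
        # CLI equivalent of steps 7 - 11 of the console procedure.
        cmd = ["aws", "rds", "modify-db-instance", "--region", region,
               "--db-instance-identifier", db_id,
               "--no-publicly-accessible", "--apply-immediately"]
        findings.append({
            "id": db_id,
            "region": region,
            # Assumption: only modify instances currently in "available" state.
            "ready": db.get("DBInstanceStatus") == "available",
            "fix": shlex.join(cmd),
        })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        state = "run now" if f["ready"] else "wait until available"
        print(f"FAIL {f['id']} ({f['region']}) [{state}]\n  {f['fix']}")
```

Review each generated command before running it, since removing the public endpoint cuts off any client that connects from outside the VPC.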