AWS RDS instances with mis-configured security groups attached


Security groups should be attached to your AWS RDS instances and configured so that only the hosts that need database access can reach them; this makes your cloud environment more secure.

Why is it important to configure the security groups on your AWS RDS instances properly?

AWS lets you attach security groups to your RDS instances. A security group acts as a stateful firewall that controls the inbound and outbound (incoming and outgoing) traffic for the resources it is attached to. If you do not assign a security group when creating an instance, it is placed in the VPC's default security group, whose rules are shared by every resource in that VPC that uses it. That default group's inbound rule only admits traffic from other members of the same group, but any broader rule that someone adds to it is inherited by every RDS instance that fell back to it. Any inbound rule whose source is 0.0.0.0/0 (or ::/0 for IPv6) allows unrestricted, public access on the ports it covers.

An AWS RDS instance can host several databases that store sensitive data. A security breach that leaks that data or disrupts operations would create an unwanted situation for the user. No security group that allows unrestricted public access should be associated with an AWS RDS instance; inbound access on the database port should be limited to the security groups or CIDR ranges of the application hosts that actually need it.
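The check described above, written out as an added example (this is not Centilytics code and not an AWS API). It walks dictionaries shaped like the boto3 responses of rds.describe_db_instances() and ec2.describe_security_groups(), so it runs offline against the constructed sample data embedded below; in practice you would feed it the live responses. The instance and security-group names in the sample are made up.

```python
"""Flag RDS instances whose VPC security groups expose the DB port to the world.

Added example (not Centilytics code). The input dicts mirror the shape of the
boto3 responses for rds.describe_db_instances() and ec2.describe_security_groups();
the sample data below is constructed for the example.
"""
import ipaddress

# Constructed sample: two DB instances and the security groups they reference.
SAMPLE_DB_INSTANCES = [
    {
        "DBInstanceIdentifier": "orders-prod",
        "Endpoint": {"Port": 5432},
        "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0aaa", "Status": "active"}],
    },
    {
        "DBInstanceIdentifier": "reporting-dev",
        "Endpoint": {"Port": 3306},
        "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0bbb", "Status": "active"}],
    },
]

SAMPLE_SECURITY_GROUPS = {
    "sg-0aaa": {  # only the app tier's security group may reach Postgres: OK
        "GroupName": "orders-db",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
             "IpRanges": [], "Ipv6Ranges": [],
             "UserIdGroupPairs": [{"GroupId": "sg-0app"}]},
        ],
    },
    "sg-0bbb": {  # MySQL open to the whole internet, plus an all-traffic IPv6 rule: CRITICAL
        "GroupName": "reporting-db",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
             "UserIdGroupPairs": []},
            {"IpProtocol": "-1",
             "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}],
             "UserIdGroupPairs": []},
        ],
    },
}


def _covers_port(rule, port):
    """True if an inbound rule applies to the given TCP port ("-1" means all traffic)."""
    if rule.get("IpProtocol") == "-1":
        return True
    if rule.get("IpProtocol") != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def _is_public_cidr(cidr):
    """0.0.0.0/0 and ::/0 are the wildcard sources the insight looks for."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def public_rules_for_port(sg, port):
    """Return (protocol, cidr) pairs in sg that let the whole internet reach port."""
    hits = []
    for rule in sg.get("IpPermissions", []):
        if not _covers_port(rule, port):
            continue
        for r in rule.get("IpRanges", []):
            if _is_public_cidr(r["CidrIp"]):
                hits.append((rule["IpProtocol"], r["CidrIp"]))
        for r in rule.get("Ipv6Ranges", []):
            if _is_public_cidr(r["CidrIpv6"]):
                hits.append((rule["IpProtocol"], r["CidrIpv6"]))
    return hits


def assess_instances(db_instances, security_groups):
    """Map each DB instance identifier to an OK/CRITICAL verdict and the offending rules."""
    report = {}
    for db in db_instances:
        port = db["Endpoint"]["Port"]
        findings = []
        for ref in db.get("VpcSecurityGroups", []):
            sg = security_groups.get(ref["VpcSecurityGroupId"])
            if sg is None:  # group not in the snapshot we were given; skip it
                continue
            for proto, cidr in public_rules_for_port(sg, port):
                findings.append(f'{sg["GroupName"]}: {proto} {cidr} -> port {port}')
        report[db["DBInstanceIdentifier"]] = {
            "severity": "CRITICAL" if findings else "OK",
            "findings": findings,
        }
    return report


if __name__ == "__main__":
    for name, result in assess_instances(SAMPLE_DB_INSTANCES, SAMPLE_SECURITY_GROUPS).items():
        print(name, result["severity"], *result["findings"], sep="  ")
```

The check only counts a wildcard source when the rule actually covers the instance's listener port (a rule with protocol "-1" covers every port), so an unrelated 0.0.0.0/0 rule for ICMP would not raise a false CRITICAL. One caveat for triage: an instance is only reachable from the internet if it is also marked publicly accessible and sits in a subnet with a route to an internet gateway, but an open rule on a private instance still exposes it to anything that reaches the VPC, so it remains a finding worth fixing.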

Centilytics can help you identify misconfigured security groups

Centilytics has a dedicated insight that warns the user whenever an AWS RDS instance with a misconfigured security group is detected in the cloud infrastructure.

Insight descriptions:

There can be 2 possible scenarios:

Severity    Description
OK          Displayed when the corresponding AWS RDS instance is secure and has no misconfigured security group allowing public access.
CRITICAL    Displayed when the corresponding AWS RDS instance is not secure and has a misconfigured security group allowing public access.


The further columns are described as follows:

  1. Account Id: The account ID of the user's AWS account.
  2. Account Name: The name of the user's AWS account.
  3. Region: The region in which the resource exists.
  4. Identifier: The unique ARN (Amazon Resource Name) of the resource. An ARN is a standard naming format that uniquely identifies and distinguishes resources across AWS.
  5. RDS DB Security Group Name: The name of the security group attached to your RDS instance.
  6. RDS DB Security Group Status: Whether the security groups attached to your RDS instances are secure or not.

Filters applicable:

Filter Name          Description
Account Id           Applying the account Id filter displays data for the selected account Id.
Region               Applying the region filter displays data for the selected region.
Severity             Applying the severity filter displays data for the selected severity type; for example, selecting CRITICAL displays all resources with CRITICAL severity, and selecting OK displays all resources with OK severity.
Resource Tags        Applying the resource tags filter displays the resources that have been assigned the selected resource tag. For example, if a user has tagged some RDS instances with a tag named environment, selecting environment from the resource tags filter displays all resources carrying that tag name.
Resource Tags Value  Applying the resource tags value filter displays the resources that carry the selected tag value. For example, if a user has tagged some resources with a tag named environment and the value production (environment: production), the user can view data for all resources that have the "environment:production" tag assigned. The tag value filter can only be used once a tag name has been selected.


Did you know that the snapshots of your AWS RDS instances should not be publicly accessible? Read here.
