Control: AWS > CIS v4.0 > 2 - Storage > 2.02 - Relational Database Service (RDS) > 2.02.03 - Ensure that RDS instances are not publicly accessible

Configures auditing against a CIS Benchmark item.

Level: 1

Ensure and verify that RDS database instances provisioned in your AWS account do restrict unauthorized access in order to minimize security risks. To restrict access to any publicly accessible RDS database instance, you must disable the database Publicly Accessible flag and update the VPC security group associated with the instance.

Resource Types

This control targets the following resource types:

AWS > RDS > DB Instance

Policies

This control type relies on these other policies when running actions:

In Your Workspace

Developers

Control Type URI

tmod:@turbot/aws-cisv4-0#/control/types/r020203

Category URI

tmod:@turbot/cis#/control/categories/v071406

GraphQL

query controlType(id: "tmod:@turbot/aws-cisv4-0#/control/types/r020203") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/aws-cisv4-0#/control/types/r020203'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-cisv4-0#/control/types/r020203"