CloudWiki
Rules
Medium

Ensure on-premises internal network connected to Direct Connect is not publicly accessible via RDS

Description

To prevent unauthorized access and keep an on-premises network that is connected to Direct Connect secure, you should ensure that traffic between that network and your private resources (such as RDS) is not routed over the public internet. To mitigate these risks, use appropriate security measures such as enabling firewalls and configuring security groups and network ACLs.

Remediation

To ensure that your on-premises internal network connected to Direct Connect is not publicly accessible via RDS, you can take the following remediation steps:

  1. Use a private subnet for your RDS instance: Configure your RDS instance to use private subnets within your VPC, so that the instance is not reachable from the internet.
  2. Restrict access to your RDS instance: Configure security groups and network ACLs to allow access only from authorized IP addresses or ranges. You can also use AWS Identity and Access Management (IAM) to manage access to your RDS instance.
  3. Disable public accessibility: If your RDS instance does not require public accessibility, disable the Publicly accessible setting to prevent unauthorized access.
  4. Use SSL/TLS encryption: Configure your RDS instance to use SSL/TLS encryption to protect your data in transit.
  5. Regularly review and update your security measures: Review your security measures on a regular schedule to keep your RDS instance secure and protected from unauthorized access.
  6. Use AWS PrivateLink: If you want to access your RDS instance securely from your on-premises network, you can use AWS PrivateLink to create a private connection between your VPC and your on-premises network.

By taking these remediation steps, you can ensure that your on-premises internal network connected to Direct Connect is not publicly accessible via RDS, and that your RDS instance remains secure and protected from unauthorized access.
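The following script is an added example, not Lightlytics code, that checks remediation steps 1 to 3 offline against the data structures the AWS API returns. The field names (`PubliclyAccessible`, `DBSubnetGroup.Subnets[].SubnetIdentifier`, `VpcSecurityGroups[].VpcSecurityGroupId`, `IpPermissions`, `Associations`, `Routes`, `DestinationCidrBlock`, `GatewayId`) mirror the output of `aws rds describe-db-instances`, `aws ec2 describe-security-groups` and `aws ec2 describe-route-tables`; the instance identifiers, subnet IDs, security group IDs, CIDR ranges and gateway IDs below are constructed sample values. A subnet is treated as public when its route table sends 0.0.0.0/0 to an internet gateway, and a security group as open when it admits the database port from 0.0.0.0/0 or ::/0. SSL enforcement (step 4) lives in the DB parameter group and is not covered here.

```python
"""Offline check of RDS instances against the rule above (added example)."""
from typing import Dict, List

# Constructed sample data: "payroll-db" violates the rule, "payroll-db-private" complies.
DB_INSTANCES = [
    {
        "DBInstanceIdentifier": "payroll-db",
        "PubliclyAccessible": True,
        "Endpoint": {"Port": 5432},
        "DBSubnetGroup": {"Subnets": [{"SubnetIdentifier": "subnet-public-a"}]},
        "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-open"}],
    },
    {
        "DBInstanceIdentifier": "payroll-db-private",
        "PubliclyAccessible": False,
        "Endpoint": {"Port": 5432},
        "DBSubnetGroup": {"Subnets": [{"SubnetIdentifier": "subnet-private-a"}]},
        "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-onprem"}],
    },
]

# Security groups keyed by ID (constructed). "sg-onprem" only admits the
# on-premises range that arrives over Direct Connect.
SECURITY_GROUPS = {
    "sg-open": {"IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    "sg-onprem": {"IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.20.0.0/16"}]}]},
}

# Route tables (constructed). The private subnet reaches on-premises space via a
# virtual private gateway (vgw-) and has no default route to an internet gateway.
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-public-a"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc"}]},
    {"Associations": [{"SubnetId": "subnet-private-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "10.20.0.0/16", "GatewayId": "vgw-0def"}]},
]


def subnet_is_public(subnet_id: str, route_tables: List[dict]) -> bool:
    """True if the subnet's route table sends 0.0.0.0/0 to an internet gateway."""
    for rt in route_tables:
        if any(a.get("SubnetId") == subnet_id for a in rt.get("Associations", [])):
            return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
                       and r.get("GatewayId", "").startswith("igw-")
                       for r in rt.get("Routes", []))
    # No explicit association: a real account would fall back to the VPC main table.
    return False


def port_in_rule(perm: dict, port: int) -> bool:
    """Does this ingress permission cover the given TCP port?"""
    if perm.get("IpProtocol") == "-1":  # "all traffic"
        return True
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def open_to_internet(sg: dict, port: int) -> bool:
    """True if any ingress rule admits the port from 0.0.0.0/0 or ::/0."""
    for perm in sg.get("IpPermissions", []):
        if not port_in_rule(perm, port):
            continue
        if any(r.get("CidrIp") == "0.0.0.0/0" for r in perm.get("IpRanges", [])):
            return True
        if any(r.get("CidrIpv6") == "::/0" for r in perm.get("Ipv6Ranges", [])):
            return True
    return False


def evaluate(db: dict, sgs: Dict[str, dict], rts: List[dict]) -> List[str]:
    """Return one finding per violated remediation step (empty list = compliant)."""
    findings = []
    if db.get("PubliclyAccessible"):
        findings.append("PubliclyAccessible is true (step 3)")
    port = db["Endpoint"]["Port"]
    for s in db["DBSubnetGroup"]["Subnets"]:
        if subnet_is_public(s["SubnetIdentifier"], rts):
            findings.append(f"subnet {s['SubnetIdentifier']} routes 0.0.0.0/0 to an internet gateway (step 1)")
    for g in db["VpcSecurityGroups"]:
        sg_id = g["VpcSecurityGroupId"]
        if open_to_internet(sgs[sg_id], port):
            findings.append(f"security group {sg_id} allows port {port} from anywhere (step 2)")
    return findings


def evaluate_all(dbs: List[dict], sgs: Dict[str, dict], rts: List[dict]) -> Dict[str, List[str]]:
    return {db["DBInstanceIdentifier"]: evaluate(db, sgs, rts) for db in dbs}


if __name__ == "__main__":
    for name, findings in evaluate_all(DB_INSTANCES, SECURITY_GROUPS, ROUTE_TABLES).items():
        print(("FAIL " if findings else "PASS ") + name)
        for f in findings:
            print("  -", f)
```

To run this against a real account, replace the three constructed structures with the parsed JSON from the CLI commands named in the lead-in; the evaluation logic does not change. Note that `PubliclyAccessible` alone is not sufficient evidence: an instance with the flag off can still sit in a subnet with an internet gateway route, which is why the subnet and security group checks are evaluated separately.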

Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.