Triage and Remediation
Remediation
Using Console
To remediate the unrestricted MsSQL access in AWS, you can follow these steps:
- Login to the AWS Management Console.
- Go to the RDS dashboard.
- Select the RDS instance that has unrestricted MsSQL access.
- Click on the “Modify” button.
- Scroll down to the “Network & Security” section.
- Under the “Security Group Rules” section, click on the “Edit” button.
- Remove the rule that allows unrestricted MsSQL access.
- Add a new rule that allows MsSQL access only from specific IP addresses or CIDR ranges.
- Click on the “Save Changes” button.
- Wait for the changes to be applied to the RDS instance.
Using CLI
To remediate the unrestricted MsSQL access issue in AWS using the AWS CLI, you can follow these steps:
- Open the AWS CLI and run the following command to list all the security groups in your AWS account:
aws ec2 describe-security-groups
- Identify the security group that has unrestricted MsSQL access. You can identify the security group by looking at the inbound rules.
- Once you have identified the security group, run the following command to revoke the inbound rule that allows unrestricted MsSQL access:
aws ec2 revoke-security-group-ingress --group-id <security-group-id> --protocol tcp --port 1433 --cidr 0.0.0.0/0
Replace <security-group-id> with the ID of the security group that you identified in step 2.
- Verify that the inbound rule has been revoked by running the following command:
aws ec2 describe-security-groups --group-ids <security-group-id>
Replace <security-group-id> with the ID of the security group that you identified in step 2.
- Once you have verified that the inbound rule has been revoked, you have successfully remediated the unrestricted MsSQL access issue in AWS.
Using Python
To remediate this misconfiguration in AWS using Python, you can follow these steps:
- Identify the security group associated with the MS SQL Server instance.
- Get the IP address of the client machine from where the MS SQL Server connection is initiated.
- Create a new security group rule that allows incoming traffic from the client machine IP address to the MS SQL Server instance on port 1433.
- Remove the existing security group rule that allows unrestricted access to the MS SQL Server instance.
Note: Replace the region_name, security_group_name, and client_ip_address variables with the appropriate values for your environment.
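The following is an added example that implements the CLI and Python steps above with boto3; it is not code from the original page. It assumes boto3 and AWS credentials are available for the live call, and it uses the page's region_name, security_group_name and client_ip_address variable names. The rule analysis is kept separate from the API calls so it can be exercised offline against a constructed describe_security_groups response. It goes slightly beyond the CLI step: it also catches IPv6 (::/0), "all traffic" (-1) rules and port ranges that span 1433, which a single revoke of tcp/1433 from 0.0.0.0/0 would leave in place.

```python
"""Remediate unrestricted MS SQL (TCP 1433) ingress on a security group.

Added example, not the original page's code. boto3 is imported lazily so
the analysis functions can be tested without AWS access.
"""
import ipaddress

MSSQL_PORT = 1433
# Source ranges that mean "anyone on the internet" (IPv4 and IPv6).
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}


def covers_mssql(perm):
    """True if one IpPermissions entry permits TCP traffic to port 1433."""
    if perm.get("IpProtocol") == "-1":  # "all traffic" rule: every port
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= MSSQL_PORT <= perm.get("ToPort", 65535)


def find_open_mssql_rules(security_group):
    """Return the entries exposing 1433 to 0.0.0.0/0 or ::/0.

    Each entry keeps only the offending CIDRs so the list can be passed
    straight to revoke_security_group_ingress(IpPermissions=...); private
    ranges sharing the same rule are left untouched.
    """
    offending = []
    for perm in security_group.get("IpPermissions", []):
        if not covers_mssql(perm):
            continue
        v4 = [r for r in perm.get("IpRanges", []) if r.get("CidrIp") in OPEN_CIDRS]
        v6 = [r for r in perm.get("Ipv6Ranges", []) if r.get("CidrIpv6") in OPEN_CIDRS]
        if not (v4 or v6):
            continue
        entry = {"IpProtocol": perm["IpProtocol"]}
        if "FromPort" in perm:  # absent on "-1" rules
            entry["FromPort"] = perm["FromPort"]
            entry["ToPort"] = perm["ToPort"]
        if v4:
            entry["IpRanges"] = v4
        if v6:
            entry["Ipv6Ranges"] = v6
        offending.append(entry)
    return offending


def restricted_mssql_rule(client_ip_address, description="MSSQL from approved client"):
    """Build the replacement rule: TCP 1433 from the client address only."""
    net = ipaddress.ip_network(client_ip_address, strict=False)  # host -> /32 or /128
    if net.prefixlen == 0:
        raise ValueError("client_ip_address must not be a catch-all range")
    range_key = "IpRanges" if net.version == 4 else "Ipv6Ranges"
    cidr_key = "CidrIp" if net.version == 4 else "CidrIpv6"
    return {
        "IpProtocol": "tcp",
        "FromPort": MSSQL_PORT,
        "ToPort": MSSQL_PORT,
        range_key: [{cidr_key: str(net), "Description": description}],
    }


def remediate(region_name, security_group_name, client_ip_address):
    """Live remediation: add the narrow rule, then revoke the open ones."""
    import boto3  # lazy import keeps the analysis importable offline
    ec2 = boto3.client("ec2", region_name=region_name)
    resp = ec2.describe_security_groups(
        Filters=[{"Name": "group-name", "Values": [security_group_name]}])
    sg = resp["SecurityGroups"][0]
    to_revoke = find_open_mssql_rules(sg)
    # Authorize first so the approved client never loses access during the change.
    ec2.authorize_security_group_ingress(
        GroupId=sg["GroupId"], IpPermissions=[restricted_mssql_rule(client_ip_address)])
    if to_revoke:
        ec2.revoke_security_group_ingress(GroupId=sg["GroupId"], IpPermissions=to_revoke)
    return to_revoke


# Constructed sample of a misconfigured group (placeholder id, not from the page).
SAMPLE_GROUP = {
    "GroupId": "sg-0123456789abcdef0",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 1433, "ToPort": 1433,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/16"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 1000, "ToPort": 2000,  # range spanning 1433
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,  # unrelated, kept
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}

if __name__ == "__main__":
    for rule in find_open_mssql_rules(SAMPLE_GROUP):
        print("would revoke:", rule)
    print("would add:", restricted_mssql_rule("203.0.113.10"))
```

Run the module directly to see the dry-run output for the constructed group; call remediate(region_name, security_group_name, client_ip_address) to apply the change. The 443 rule is reported as untouched because only rules reaching port 1433 are considered, and the 10.0.0.0/16 range is preserved on the 1433 rule since only the world-open CIDRs are revoked.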