Triage and Remediation
Remediation
Using Console
To remediate the misconfiguration of Database Migration Service Endpoints not having SSL configuration for AWS RDS using the AWS console, follow these step-by-step instructions:
- Log in to the AWS Management Console: Go to the AWS Management Console at https://console.aws.amazon.com/.
- Navigate to RDS Service: Click on the “Services” dropdown menu at the top left corner, then select “RDS” under the Database category.
- Select the RDS Instance: From the list of RDS instances, select the instance for which you want to enable SSL configuration.
- Modify the RDS Instance: Click on the instance name to open its details page. Then, click on the “Modify” button at the top.
- Enable SSL: Scroll down to the “Network & Security” section, and locate the “Additional configuration” option. Here, you will find the “Enable IAM DB authentication” option. Enable this option by selecting the checkbox.
- Apply Changes: Scroll down to the bottom of the page and click on the “Continue” button.
- Review Changes: Review the changes you are about to make, and then click on the “Modify DB Instance” button to apply the changes.
- Verify SSL Configuration: Once the modification is complete, verify that the SSL configuration is enabled for the Database Migration Service Endpoints by connecting to the RDS instance using SSL.
Using CLI
To remediate the misconfiguration of Database Migration Service endpoints not having SSL configuration for AWS RDS using the AWS CLI, follow these steps:
- Enable SSL for the RDS instance:
  - Run the following AWS CLI command to modify the RDS instance to enable SSL:
  - Replace YOUR_DB_INSTANCE_IDENTIFIER with the identifier of your RDS instance.
- Verify SSL configuration:
  - Confirm that SSL is enabled for the RDS instance by describing the instance using the following command:
  - Ensure that the Endpoint section includes the SSL: true attribute.
- Restart the RDS instance:
  - If the SSL configuration does not take effect immediately, you may need to restart the RDS instance. Run the following command:
  - This will trigger a reboot of the RDS instance to apply the SSL configuration changes.
- Verify SSL connection:
  - Test the SSL connection to the RDS instance using a database client that supports SSL connections. Ensure that the connection is successful and encrypted.
Using Python
To remediate the misconfiguration of Database Migration Service endpoints not having SSL configuration for AWS RDS using Python, you can follow these steps:
- Install the AWS SDK for Python (Boto3) if you haven’t already:
- Use the following Python script to enable SSL for your AWS RDS instance:
- Replace the placeholders (‘your_aws_region’, ‘your_rds_instance_identifier’, ‘your_security_group_id’, ‘your_master_password’) with your actual AWS region, RDS instance identifier, security group ID, and master password.
- Run the Python script to enable SSL configuration for your AWS RDS instance.
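The script referred to in the steps above is not present on this page. The following is an added example, not the page's own script: it audits the DMS endpoints themselves by reading the SslMode field that the boto3 DMS describe_endpoints call returns and, when not in dry-run mode, sets a mode with modify_endpoint. The function names and the sample endpoint records are constructed for illustration, and the certificate guard is this example's own check.

```python
# Added example: audit DMS endpoints for a missing SSL mode. Sample data is constructed.
SAMPLE_ENDPOINTS = [  # shaped like describe_endpoints()["Endpoints"]
    {"EndpointIdentifier": "src-mysql", "EngineName": "mysql", "SslMode": "none",
     "EndpointArn": "arn:aws:dms:us-east-1:111122223333:endpoint:EXAMPLE1"},
    {"EndpointIdentifier": "tgt-postgres", "EngineName": "postgres", "SslMode": "require",
     "EndpointArn": "arn:aws:dms:us-east-1:111122223333:endpoint:EXAMPLE2"},
]


def find_endpoints_without_ssl(endpoints):
    """Return endpoints whose SslMode is absent or 'none'."""
    return [ep for ep in endpoints
            if (ep.get("SslMode") or "none").lower() == "none"]


def remediate(dms, endpoints, ssl_mode, certificate_arn=None, dry_run=True):
    """Set ssl_mode on each flagged endpoint; return the ARNs selected."""
    if ssl_mode in ("verify-ca", "verify-full") and not certificate_arn:
        raise ValueError(f"{ssl_mode} requires a CA certificate ARN")
    selected = []
    for ep in find_endpoints_without_ssl(endpoints):
        params = {"EndpointArn": ep["EndpointArn"], "SslMode": ssl_mode}
        if certificate_arn:
            params["CertificateArn"] = certificate_arn
        if not dry_run:
            dms.modify_endpoint(**params)  # boto3 DMS client call
        selected.append(ep["EndpointArn"])
    return selected


def list_endpoints(dms):
    """Collect every endpoint through the describe_endpoints paginator."""
    found = []
    for page in dms.get_paginator("describe_endpoints").paginate():
        found.extend(page["Endpoints"])
    return found


if __name__ == "__main__":
    # Offline run on the constructed sample. For a live audit:
    #   import boto3; dms = boto3.client("dms", region_name="your_aws_region")
    #   endpoints = list_endpoints(dms)
    for ep in find_endpoints_without_ssl(SAMPLE_ENDPOINTS):
        print(ep["EndpointIdentifier"], ep["EngineName"], ep.get("SslMode"))
    print(remediate(None, SAMPLE_ENDPOINTS, "require", dry_run=True))
```

The SSL modes a DMS endpoint accepts vary by database engine, so confirm the mode for your engine before running with dry_run=False.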