Rds default port remediation

Using Console

Using CLI

To remediate the misconfiguration of RDS database instances using default ports in AWS, you can follow these steps using AWS CLI:

Identify the RDS instances that are using default ports: Run the following AWS CLI command to list all your RDS instances and their associated configurations:
```
aws rds describe-db-instances
```
Look for instances that are using default ports (3306 for MySQL, 5432 for PostgreSQL, 1433 for SQL Server, etc.).
Modify the RDS instance to use a non-default port: Run the following AWS CLI command to modify the RDS instance to use a non-default port (replace your-db-instance-identifier and new-port-number with your actual values):
```
aws rds modify-db-instance --db-instance-identifier your-db-instance-identifier --port new-port-number
```
Update the security group settings: If you have security groups attached to your RDS instance, you will need to update the inbound rules to allow traffic on the new port. Run the following AWS CLI command to update the inbound rules of the security group (replace your-security-group-id and new-port-number with your actual values):
```
aws ec2 authorize-security-group-ingress --group-id your-security-group-id --protocol tcp --port new-port-number --cidr 0.0.0.0/0
```
Verify the changes: Run the following AWS CLI command to describe the modified RDS instance and ensure that the port has been updated successfully:
```
aws rds describe-db-instances --db-instance-identifier your-db-instance-identifier
```

By following these steps, you can remediate the misconfiguration of RDS database instances using default ports in AWS and enhance the security of your RDS instances.

Using Python

To remediate the misconfiguration of RDS Database Instances using default ports in AWS, you can use the AWS SDK for Python (Boto3) to modify the security group associated with the RDS instance to restrict access to a specific port. Here are the step-by-step instructions to remediate this issue:

Install the Boto3 library:

pip install boto3

Configure your AWS credentials by either setting environment variables or using the AWS CLI aws configure command.
Use the following Python script to modify the security group associated with the RDS instance to restrict access to a specific port (e.g., 3306):

import boto3

# Initialize the RDS client
rds_client = boto3.client('rds')

# Specify the RDS instance identifier and the desired port
db_instance_identifier = 'YOUR_DB_INSTANCE_IDENTIFIER'
desired_port = 3306

# Get the current security group of the RDS instance
response = rds_client.describe_db_instances(DBInstanceIdentifier=db_instance_identifier)
security_group_id = response['DBInstances'][0]['VpcSecurityGroups'][0]['VpcSecurityGroupId']

# Authorize inbound traffic on the desired port for the security group
ec2_client = boto3.client('ec2')
response = ec2_client.authorize_security_group_ingress(
    GroupId=security_group_id,
    IpPermissions=[
        {
            'FromPort': desired_port,
            'ToPort': desired_port,
            'IpProtocol': 'tcp',
            'IpRanges': [{'CidrIp': '0.0.0.0/0'}]
        }
    ]
)

print('Security group updated to allow inbound traffic on port', desired_port)

Replace YOUR_DB_INSTANCE_IDENTIFIER with the identifier of your RDS instance.
Run the Python script. It will modify the security group associated with the RDS instance to allow inbound traffic only on the specified port (3306 in this case).

By following these steps, you can remediate the misconfiguration of RDS Database Instances using default ports in AWS.

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

Rds default port remediation

Triage and Remediation

Remediation