More Info:

No AWS RDS database instances should be provisioned inside VPC public subnets in order to protect them from direct exposure to the Internet

Risk Level

High

Address

Security

Compliance Standards

SOC2, HITRUST, GDPR, NISTCSF, PCIDSS, FedRAMP

Triage and Remediation

Remediation

Using Console

Additional Reading: