lacework-global-386
Deploy Relational Database Service (RDS) instances within a Virtual Private Cloud (VPC) (Automated)
Description
VPCs provide a number of network controls to secure access to RDS resources. These controls include VPC Endpoints, network ACLs, and security groups. To take advantage of these controls, you can create your RDS instances on an EC2-VPC.
Remediation
From the AWS Console:
- Log in to the AWS Management Console.
- Click Services.
- Select Database > RDS.
- Click Databases.
- Select the applicable database.
- Click Actions > Take snapshot.
- Set up the preferences as required and click Take snapshot.
- Navigate to Snapshots.
- Choose the applicable snapshot.
- Click Actions > Restore snapshot.
- Enter a name for the DB instance identifier for the restored DB instance, and specify any other settings.
- Click Restore DB instance.
From CLI:
Create a snapshot for the applicable DB instance using:
aws rds create-db-snapshot --db-snapshot-identifier <db_snapshot_id> --db-instance-identifier <db_instance_id>
Use the snapshot to create a restored DB instance:
aws rds restore-db-instance-from-db-snapshot --db-snapshot-identifier <db_snapshot_id> --db-instance-identifier <db_instance_id> --allocated-storage <storage_in_GiB>
Configure any additional settings required; see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateDBInstance.html#USER_CreateDBInstance.Settings for a list of the available settings.
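As an added check for the automated side of this control (example code, not Lacework's or AWS's), the following script reads the JSON that `aws rds describe-db-instances` returns, flags instances whose DBSubnetGroup is missing or carries no VpcId, and prints the snapshot-and-restore commands above for each; the `--db-subnet-group-name` flag, which selects the target VPC on restore, and the sample instance names are additions not taken from this page.

```python
"""Audit RDS instances for the 'deployed within a VPC' control.
Added example, not Lacework's or AWS's code: it reads the JSON that
`aws rds describe-db-instances` prints. An instance is inside a VPC when
its DBSubnetGroup carries a VpcId; EC2-Classic instances have none."""
import json
from typing import Dict, List

# Constructed, trimmed sample of `aws rds describe-db-instances` output.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({"DBInstances": [
    {"DBInstanceIdentifier": "orders-db",
     "DBSubnetGroup": {"DBSubnetGroupName": "prod-subnets",
                       "VpcId": "vpc-0123456789abcdef0"}},
    # No DBSubnetGroup at all: an EC2-Classic (non-VPC) instance.
    {"DBInstanceIdentifier": "legacy-reporting"},
    # Subnet group present but no VPC bound to it: still a failure.
    {"DBInstanceIdentifier": "odd-case",
     "DBSubnetGroup": {"DBSubnetGroupName": "broken", "VpcId": ""}},
]})


def is_in_vpc(instance: Dict) -> bool:
    """True when the instance has a subnet group bound to a VPC."""
    return bool(instance.get("DBSubnetGroup", {}).get("VpcId"))


def find_non_vpc_instances(describe_output: str) -> List[str]:
    """Identifiers of the instances that fail the control."""
    data = json.loads(describe_output)
    return [inst["DBInstanceIdentifier"] for inst in data.get("DBInstances", [])
            if not is_in_vpc(inst)]


def remediation_commands(db_instance_id: str, subnet_group: str) -> List[str]:
    """Snapshot-and-restore steps from the remediation above; the subnet
    group selects the target VPC. Snapshot/instance names are placeholders."""
    snap = f"{db_instance_id}-pre-vpc-migration"
    return [
        f"aws rds create-db-snapshot --db-snapshot-identifier {snap} "
        f"--db-instance-identifier {db_instance_id}",
        f"aws rds restore-db-instance-from-db-snapshot --db-snapshot-identifier {snap} "
        f"--db-instance-identifier {db_instance_id}-vpc --db-subnet-group-name {subnet_group}",
    ]


if __name__ == "__main__":
    for failing in find_non_vpc_instances(SAMPLE_DESCRIBE_OUTPUT):
        print(f"FAIL {failing}")
        for cmd in remediation_commands(failing, "<vpc_subnet_group>"):
            print("  " + cmd)
```

Pipe real output in with `aws rds describe-db-instances --output json` and the same two functions apply unchanged.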
References
https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-13
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.Non-VPC2VPC.html
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_RestoreFromSnapshot.html
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateDBInstance.html#USER_CreateDBInstance.Settings