lacework-global-229
Security group attached to RDS DB instance should not allow inbound traffic from all ports
Description
Security groups provide stateful filtering of ingress/egress network traffic to AWS resources. To prevent unauthorized access, no security group should allow unrestricted ingress to your RDS instances.
Remediation
Log in to the AWS Management Console.
Click Services.
Select Database > RDS.
Click Connectivity and Security > Security Groups.
Select the RDS instance that has the violation reported by Lacework.
Under the Connectivity & security tab, click the attached security group.
Edit the inbound rules and restrict access to only the required IPs and ports.
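One way to find the offending inbound rules before editing them, as an added example that is not Lacework's rule logic or part of the original page: the Python below scans security group data in the shape returned by `aws ec2 describe-security-groups` and reports rules that cover all ports from any address. Treating "all ports" as protocol `-1` or TCP/UDP 0-65535 and "any address" as `0.0.0.0/0` or `::/0` is an assumption, and the group IDs and sample data are constructed.

```python
ANY_SOURCE = {"0.0.0.0/0", "::/0"}  # assumption: what counts as "unrestricted"

def covers_all_ports(perm):
    """True when a rule spans every port: protocol -1, or TCP/UDP 0-65535."""
    if perm.get("IpProtocol") == "-1":
        return True
    if perm.get("IpProtocol") not in ("tcp", "udp"):
        return False
    return perm.get("FromPort") == 0 and perm.get("ToPort") == 65535

def open_sources(perm):
    """CIDRs on this rule that admit any address (IPv4 or IPv6)."""
    v4 = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
    v6 = [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
    return [c for c in v4 + v6 if c in ANY_SOURCE]

def find_violations(security_groups):
    """Return (group_id, protocol, cidr) for each all-ports rule open to any source."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            if covers_all_ports(perm):
                for cidr in open_sources(perm):
                    findings.append((sg["GroupId"], perm["IpProtocol"], cidr))
    return findings

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# The single-port 5432 rule is open to the world but is not an all-ports rule.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0aaa0000000000001", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bbb0000000000002", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0ccc0000000000003", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
]}

if __name__ == "__main__":
    for finding in find_violations(SAMPLE["SecurityGroups"]):
        print(finding)
```

To check a real instance, load the JSON from `aws ec2 describe-security-groups --group-ids <id>` for the groups attached to it and pass the `SecurityGroups` list to `find_violations`.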