How to resolve Reported incident should be closed
About
Sprinto Check: AWS RDS database should be protected from direct internet traffic
Securing AWS RDS: Restricting Public Access
As a critical security best practice, Amazon RDS (Relational Database Service) instances should only be exposed internally within their Virtual Private Cloud (VPC) and restricted to instances that specifically need to communicate with the database. Avoiding a public endpoint for RDS instances, unless there is a clear business requirement, is crucial for minimizing potential security risks.
Procedure: Restricting Public Access to RDS Instances
Follow these steps to secure your AWS RDS instances by restricting public access:
Step 1: Log in to the AWS Account
Log in to your AWS account using your credentials.
Step 2: Navigate to RDS Instances
Navigate to the Databases section, select RDS, and choose the specific RDS instance that requires an update. Click on the Modify button.
Step 3: Modify DB Instance Connectivity
On the Modify DB Instance page, in the Connectivity section, under Additional Configuration, select Not publicly accessible to restrict public access.
Step 4: Confirm and Apply Changes
Click Continue, and at the bottom of the next page, check Apply Immediately.
Step 5: Apply Configuration Changes
Click Modify DB Instance. Once the configuration changes are applied, the instance will be updated.
Step 6: Review Instance Details
Click on the instance name, and the summary will open with all the details.
Step 7: Edit VPC Security Groups
Under the Connectivity & Security section in the bottom panel, click on the name of the active VPC security group to select it for editing.
Step 8: Edit Inbound Rules
On the VPC Security Groups page, select the Inbound Rules tab from the bottom panel and click the Edit Inbound Rules button to edit the selected security group's ingress rules.
Step 9: Update Inbound Rules
In the Edit Inbound Rules dialog box, identify any inbound rules with the Source set to Anywhere (0.0.0.0/0) and update them using one of the following actions:
To grant access to a certain IP address:
Select Custom IP from the Source dropdown list.
Enter the IP address CIDR that you want to authorize in the Source field.
Click the Save button to save the changes.
To grant access to an EC2 Security Group:
Select Custom IP from the Source dropdown list.
Enter the EC2 security group ID that you want to authorize in the Source field.
Click the Save button to save the changes.
AWS CLI Remediation
If you prefer using AWS CLI for remediation, follow these steps:
1. To list all RDS database names in a particular region:
aws rds describe-db-instances --region <region>
2. To modify the selected RDS instance connection configuration:
aws rds modify-db-instance --region <region> --db-instance-identifier <name of db> --no-publicly-accessible --apply-immediately
3. To fetch the VPC security group ID associated with the instance:
aws rds describe-db-instances --region <region> --db-instance-identifier <name of db> --query 'DBInstances[*].VpcSecurityGroups'
4. To revoke the VPC security group inbound rule with the CIDR set to 0.0.0.0/0:
aws ec2 revoke-security-group-ingress --region <region> --group-id <value> --protocol <value> --port <value> --cidr 0.0.0.0/0
5. To authorize custom access based on IP/CIDR:
aws ec2 authorize-security-group-ingress --region <value> --group-id <value> --protocol <value> --port <value> --cidr <value>
6. To authorize custom access based on existing EC2 security groups:
aws ec2 authorize-security-group-ingress --region <value> --group-id <value> --protocol <value> --port <value> --source-group <value>
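The following is an added example, not Sprinto's or AWS's code, that ties the two checks above together: it reads JSON in the shape returned by `aws rds describe-db-instances` and `aws ec2 describe-security-groups` (the instance and security-group records below are constructed, not from a real account), flags every instance that is publicly accessible or whose attached security group admits 0.0.0.0/0 or ::/0 on the database port, and prints the matching remediation command from steps 2 and 4. The `--ip-permissions` form is used where the `--cidr`/`--port` shorthand does not apply (IPv6 and all-traffic rules).

```python
DB_INSTANCES = [  # constructed sample of DBInstances[], not real account data
    {"DBInstanceIdentifier": "orders-db", "PubliclyAccessible": True, "Endpoint": {"Port": 5432},
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0aaa"}]},
    {"DBInstanceIdentifier": "reports-db", "PubliclyAccessible": False, "Endpoint": {"Port": 3306},
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0bbb"}]},
]
SECURITY_GROUPS = [  # constructed sample of SecurityGroups[], not real account data
    {"GroupId": "sg-0aaa", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": [{"GroupId": "sg-0ccc"}]}]},
]
WORLD = {"0.0.0.0/0", "::/0"}  # the console's "Anywhere" sources

def world_open_rules(sg, port):
    """Yield (cidr, protocol, from, to) for rules admitting the whole internet on the DB port."""
    for perm in sg.get("IpPermissions", []):
        lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)  # absent for all-traffic (-1)
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if lo <= port <= hi and cidr in WORLD:
                yield cidr, perm["IpProtocol"], lo, hi

def revoke_command(region, group_id, cidr, proto, lo, hi):
    """Step 4 of the article for a port-scoped IPv4 rule; IPv6 and all-traffic (-1) rules
    have no --cidr/--port shorthand, so they use the --ip-permissions structure instead."""
    base = f"aws ec2 revoke-security-group-ingress --region {region} --group-id {group_id}"
    if proto != "-1" and ":" not in cidr:
        return f"{base} --protocol {proto} --port {lo if lo == hi else f'{lo}-{hi}'} --cidr {cidr}"
    ports = "" if proto == "-1" else f",FromPort={lo},ToPort={hi}"
    rng = f"Ipv6Ranges=[{{CidrIpv6={cidr}}}]" if ":" in cidr else f"IpRanges=[{{CidrIp={cidr}}}]"
    return f"{base} --ip-permissions 'IpProtocol={proto}{ports},{rng}'"

def audit(dbs, sgs, region="<region>"):
    """Return (instance, finding, remediation command) triples for every exposure found."""
    groups, findings = {g["GroupId"]: g for g in sgs}, []
    for db in dbs:
        name, port = db["DBInstanceIdentifier"], db["Endpoint"]["Port"]
        if db.get("PubliclyAccessible"):  # the console's "Publicly accessible" setting
            findings.append((name, "public endpoint", f"aws rds modify-db-instance --region {region}"
                             f" --db-instance-identifier {name} --no-publicly-accessible --apply-immediately"))
        for gid in (ref["VpcSecurityGroupId"] for ref in db.get("VpcSecurityGroups", [])):
            for cidr, proto, lo, hi in world_open_rules(groups.get(gid, {}), port):
                findings.append((name, f"{gid} open to {cidr} on port {port}",
                                 revoke_command(region, gid, cidr, proto, lo, hi)))
    return findings
```

Running `audit(DB_INSTANCES, SECURITY_GROUPS, "us-east-1")` reports three findings for orders-db (public endpoint, IPv4 world rule, IPv6 world rule) and none for reports-db, whose rule is limited to a private CIDR and a security group.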
If you encounter any difficulties during this process, reach out to the Support Team or contact your dedicated Customer Success Manager for assistance.
Sprinto connects with many incident reporting tools and also has an in-house process for using Sprinto itself as an incident management system. Capturing incidents and closing them with detailed information is required from a compliance standpoint. Follow the steps below to resolve the check showing up under Incidents.
Procedure:
Step 1: Log in to Sprinto (https://app.sprinto.com).
Step 2: Under Security Hub click on Incidents.
Step 3: Click on the tab next to Overview once you have integrated the desired tool to track incidents, or if you are using Sprinto as an incident management tool.
Step 4: All the incidents created in, or synced over from, the respective tool will appear. Click on Manage next to the incident you would like to close.
Step 5: A drawer will appear, as highlighted in the screenshot below, with the details of the incident.
Step 6: Answer the question of whether any critical data was reported as lost in this incident.
Step 7: If NO, choose that option, add a note in the closing notes section and click on Close Incident.
Step 8: If YES, more questions will appear as highlighted below.
Step 9: Choose the appropriate option, add notes and click on Close Incident.
Once the above steps are completed, the respective Incidents check will pass as expected. You can close multiple incidents at once if none of them involved a loss of data. Please feel free to reach out to us at [email protected] for any further assistance.