# How to resolve Reported incident should be closed

### About

Sprinto Check: AWS RDS database should be protected from direct internet traffic

#### Securing AWS RDS: Restricting Public Access

As a critical security best practice, Amazon RDS (Relational Database Service) instances should only be exposed internally within their Virtual Private Cloud (VPC) and restricted to instances that specifically need to communicate with the database. Avoiding a public endpoint for RDS instances, unless there is a clear business requirement, is crucial for minimizing potential security risks.

### Procedure: Restricting Public Access to RDS Instances

Follow these steps to secure your AWS RDS instances by restricting public access:

#### Step 1: Log in to the AWS Account

Log in to your AWS account using your credentials.

#### Step 2: Navigate to RDS Instances

Navigate to the Databases section, select RDS, and choose the specific RDS instance that requires an update. Click on the Modify button.

#### Step 3: Modify DB Instance Connectivity

On the Modify DB Instance page, in the Connectivity section, under Additional Configuration, select Not publicly accessible to restrict public access.

#### Step 4: Confirm and Apply Changes

Click Continue, and at the bottom of the next page, check Apply Immediately.

#### Step 5: Apply Configuration Changes

Click Modify DB Instance. Once the configuration changes are applied, the instance will be updated.

#### Step 6: Review Instance Details

Click on the instance name, and the summary will open with all the details.

#### Step 7: Edit VPC Security Groups

Under the Connectivity & Security section in the bottom panel, click on the active VPC security group's name to select it for editing.

#### Step 8: Edit Inbound Rules

On the VPC Security Groups page, select the Inbound Rules tab from the bottom panel and click the Edit Inbound Rules button to edit the selected security group's ingress rules.

#### Step 9: Update Inbound Rules

In the Edit Inbound Rules dialog box, identify any inbound rules with the Source set to Anywhere (0.0.0.0/0) and update them using one of the following actions:

* To grant access to a certain IP address:
  * Select Custom IP from the Source dropdown list.
  * Enter the IP address CIDR that you want to authorize in the Source field.
  * Click the Save button to save the changes.
* To grant access to an EC2 Security Group:
  * Select Custom IP from the Source dropdown list.
  * Enter the EC2 security group ID that you want to authorize in the Source field.
  * Click the Save button to save the changes.

#### AWS CLI Remediation

If you prefer using AWS CLI for remediation, follow these steps:

1\. To list all RDS database names in a particular region:

```bash
aws rds describe-db-instances --region <region>
```

2\. To modify the selected RDS instance connection configuration:

```bash
aws rds modify-db-instance --region <region> --db-instance-identifier <name of db> --no-publicly-accessible --apply-immediately
```

3\. To fetch the VPC security group ID associated with the instance:

```bash
aws rds describe-db-instances --region <region> --db-instance-identifier <name of db> --query 'DBInstances[*].VpcSecurityGroups'
```

4\. To revoke the VPC security group inbound rule with the CIDR set to 0.0.0.0/0:

```bash
aws ec2 revoke-security-group-ingress --region <region> --group-id <value> --protocol <value> --port <value> --cidr 0.0.0.0/0
```

5\. To authorize custom access based on IP/CIDR:

```bash
aws ec2 authorize-security-group-ingress --region <value> --group-id <value> --protocol <value> --port <value> --cidr <value>
```

6\. To authorize custom access based on existing EC2 security groups:

```bash
aws ec2 authorize-security-group-ingress --region <value> --group-id <value> --protocol <value> --port <value> --source-group <value>
```
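To confirm which instances still need the steps above, the check can be run over saved CLI output. This is an added example, not Sprinto's or AWS's own code: it assumes JSON in the shape returned by `aws rds describe-db-instances` and `aws ec2 describe-security-groups` (the latter command is not used on this page), uses constructed sample data, and goes slightly beyond the page by also flagging the IPv6 equivalent `::/0`.

```python
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}
# Constructed sample data shaped like the JSON returned by
# `aws rds describe-db-instances` and `aws ec2 describe-security-groups`.
RDS = {"DBInstances": [
    {"DBInstanceIdentifier": "orders-db", "PubliclyAccessible": True,
     "Endpoint": {"Port": 3306},
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-aaaa1111"}]},
    {"DBInstanceIdentifier": "reports-db", "PubliclyAccessible": False,
     "Endpoint": {"Port": 5432},
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-bbbb2222"}]}]}
SGS = {"SecurityGroups": [
    {"GroupId": "sg-aaaa1111", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/16"}]}]},
    {"GroupId": "sg-bbbb2222", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}]}

def open_rules(group, port):
    """Rules in one security group that expose TCP `port` to any address."""
    hits = []
    for perm in group.get("IpPermissions", []):
        proto, lo, hi = perm.get("IpProtocol"), perm.get("FromPort"), perm.get("ToPort")
        # "-1" means every protocol and port; such rules carry no port range.
        in_range = None not in (lo, hi, port) and lo <= port <= hi
        if not (proto == "-1" or (proto == "tcp" and in_range)):
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        hits += [(proto, lo, hi, c) for c in cidrs if c in OPEN_CIDRS]
    return hits

def audit(rds, sgs):
    """List (instance, finding, detail) tuples for the two exposures the page fixes."""
    groups = {g["GroupId"]: g for g in sgs["SecurityGroups"]}
    findings = []
    for db in rds["DBInstances"]:
        name = db["DBInstanceIdentifier"]
        port = db.get("Endpoint", {}).get("Port")  # absent while an instance is creating
        if db.get("PubliclyAccessible"):
            findings.append((name, "publicly-accessible", None))
        for ref in db.get("VpcSecurityGroups", []):
            gid = ref["VpcSecurityGroupId"]
            findings += [(name, "open-ingress", (gid,) + rule)
                         for rule in open_rules(groups.get(gid, {}), port)]
    return findings
if __name__ == "__main__":
    print(*audit(RDS, SGS), sep="\n")
```

Each `open-ingress` finding carries the group ID, protocol and port range needed for the `revoke-security-group-ingress` call in step 4; an empty result means both the instance flag and the inbound rules are already restricted.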

If you encounter any difficulties during this process, reach out to the Support Team or contact your dedicated Customer Success Manager for assistance.

Sprinto connects with many incident reporting tools and also has an in-house process to use Sprinto as an incident management system. Capturing incidents and closing them with detailed information is required from a compliance standpoint. Kindly follow the steps below to resolve the check showing up on Incidents.

**Procedure:**

Step 1: Log in to Sprinto (<https://app.sprinto.com>)

Step 2: Under Security Hub click on Incidents.

Step 3: Click on the tab next to Overview, once you have integrated the desired tool to track incidents or if you are using Sprinto as an incident management tool.

Step 4: All the incidents created or synced over from the respective tool will appear. Click on Manage next to the incident you would like to close.

Step 5: A drawer will appear, as highlighted in the screenshot below, with the details of the incident.

<figure><img src="https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/72054701202/original/1dHJpKqIN_gU--LlN6MqaKKCDYpXGXd1_A.png?1688352727" alt="" width="375"><figcaption></figcaption></figure>

Step 6: Kindly answer the question on whether any critical data was reported as lost in this incident.

Step 7: If NO, choose the option and mention a note in the closing notes section and click on Close Incident.

Step 8: If YES, more questions will appear as highlighted below.

<figure><img src="https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/72054701266/original/j7YWD-ekn_Fcd3pXwFt1qtzLvssoTr1NSA.png?1688352871" alt="" width="375"><figcaption></figcaption></figure>

Step 9: Kindly choose the appropriate option, add notes and click on Close Incident.

Once the above steps are completed, the respective Incidents check will pass as expected. You can close multiple incidents at once if all of them have had no loss of data. Please feel free to reach out to us at <support@sprinto.com> for any further assistance.


