RDS instances should use a non-default port

Description

Confirm Amazon RDS database instances are not using default ports. This includes default ports such as MySQL/Aurora port 3306, SQL Server port 1433, and PostgreSQL port 5432.

Rationale

Using a custom port can protect against potential brute-force and dictionary attacks.

Remediation

From the console

Follow the Modifying an Amazon RDS instance docs to verify you’re not using a default port. You can change the port by modifying the DB instance settings.

From the command line

  1. Run create-db-snapshot with your database instance and snapshot identifiers to create a snapshot.

    create-db-snapshot.sh

        aws rds create-db-snapshot \
            --db-instance-identifier database-mysql \
            --db-snapshot-identifier snapshotidentifier
        
  2. Run modify-db-instance with a new, valid port number. A list of port numbers is available.

    modify-db-instance.sh

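        # NEW_PORT is a placeholder: set it to the custom port you chose.
        # Changing the port restarts the database, regardless of --apply-immediately.
        aws rds modify-db-instance \
            --db-instance-identifier database-identifier \
            --db-port-number "$NEW_PORT" \
            --option-group-name test-group-name \
            --db-parameter-group-name test-sqlserver-name \
            --apply-immediately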
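
To find which instances still listen on a default port, before or after the change, the rows printed by `aws rds describe-db-instances` can be filtered as below. This is an added example, not part of the original rule or of any Datadog or AWS tooling: the function names and sample instance names are constructed, and the engine-to-port map covers only the three defaults this rule names.

```shell
#!/bin/sh
# Added example: flag RDS instances that listen on their engine's default port.
# Input rows (whitespace-separated): <instance-id> <engine> <port>
# as produced by:
#   aws rds describe-db-instances \
#     --query 'DBInstances[].[DBInstanceIdentifier,Engine,Endpoint.Port]' \
#     --output text

# Map an RDS engine name to the default port named in this rule.
default_port_for() {
    case "$1" in
        aurora-postgresql*|postgres*) echo 5432 ;;
        mysql*|aurora*)               echo 3306 ;;
        sqlserver*)                   echo 1433 ;;
        *)                            echo "" ;;   # engine not covered by this rule
    esac
}

# Read rows on stdin; print one FAIL line per instance on its engine default.
flag_default_ports() {
    while read -r id engine port; do
        [ -n "$id" ] || continue
        # Endpoint.Port prints as "None" while an instance is still being created.
        [ "$port" = "None" ] && continue
        default=$(default_port_for "$engine")
        if [ -n "$default" ] && [ "$port" = "$default" ]; then
            echo "FAIL $id engine=$engine port=$port"
        fi
    done
}

# Constructed sample rows (hypothetical instances, not real output).
sample_rows() {
    printf '%s\t%s\t%s\n' \
        orders-db   mysql             3306 \
        reports-db  postgres          6432 \
        billing-db  sqlserver-se      1433 \
        cluster-1   aurora-postgresql 5432 \
        new-db      mysql             None
}

sample_rows | flag_default_ports
```

Against a real account, pipe the `describe-db-instances` command from the header comment into `flag_default_ports` in place of `sample_rows`.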
        