RDS database instance is configured to use a non-default port
- 25 Aug 2023
- Updated on 25 Aug 2023
Description
Confirm Amazon RDS database instances are not using default ports. This includes default ports such as MySQL/Aurora port 3306, SQL Server port 1433, and PostgreSQL port 5432.
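One way to run this check across an account, as an added example that is not part of the original article: the script classifies each instance in saved `aws rds describe-db-instances --output json` output against the default ports listed above. The sample data, instance names and the `default_port` and `audit` helpers are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws rds describe-db-instances --output json`.
# Identifiers, addresses and ports are made up for this example.
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-mysql", "Engine": "mysql",
   "Endpoint": {"Address": "orders.example.internal", "Port": 3306}},
  {"DBInstanceIdentifier": "billing-pg", "Engine": "postgres",
   "Endpoint": {"Address": "billing.example.internal", "Port": 6432}},
  {"DBInstanceIdentifier": "crm-mssql", "Engine": "sqlserver-se",
   "Endpoint": {"Address": "crm.example.internal", "Port": 1433}},
  {"DBInstanceIdentifier": "new-pg", "Engine": "aurora-postgresql"}
]}
""")


def default_port(engine):
    """Return the default port for an RDS engine name, or None if not covered."""
    if engine.startswith("sqlserver"):
        return 1433
    if "postgres" in engine:
        return 5432
    if engine in ("mysql", "aurora", "aurora-mysql"):
        return 3306
    return None  # engines the article does not list are left unjudged


def audit(describe_output):
    """Classify each instance as 'default', 'custom' or 'unknown'."""
    findings = {}
    for inst in describe_output.get("DBInstances", []):
        name = inst["DBInstanceIdentifier"]
        # Endpoint is absent while an instance is still being created;
        # DbInstancePort is used as a fallback when it holds a non-zero value.
        port = (inst.get("Endpoint") or {}).get("Port") or inst.get("DbInstancePort")
        expected = default_port(inst.get("Engine", ""))
        if not port or expected is None:
            findings[name] = "unknown"
        elif port == expected:
            findings[name] = "default"
        else:
            findings[name] = "custom"
    return findings


if __name__ == "__main__":
    for name, status in sorted(audit(SAMPLE).items()):
        print(f"{name}: {status}")
```

Instances reported as `default` are the ones this check fails; `unknown` covers engines not listed above and instances that do not yet expose a port.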
Rationale
Using a custom port can protect against potential brute-force and dictionary attacks.
Remediation
From the console
Follow the Modifying an Amazon RDS DB instance docs to verify you’re not using a default port. You can change the port by modifying that DB instance’s settings.
From the command line
Run create-db-snapshot with your database instance and snapshot identifiers to create a snapshot.
create-db-snapshot.sh
aws rds create-db-snapshot \
  --db-instance-identifier database-mysql \
  --db-snapshot-identifier snapshotidentifier
Run modify-db-instance with a new, valid port number. A list of port numbers is available.
modify-db-instance.sh
# NEW_PORT is a placeholder variable: set it to a valid non-default port for your engine.
# Changing the port restarts the DB instance; update clients and security group rules to match.
aws rds modify-db-instance \
  --db-instance-identifier database-identifier \
  --db-port-number "$NEW_PORT" \
  --apply-immediately