Change Default Port

Description

By default, Amazon RDS MySQL instances listen for incoming connections on port 3306, as documented in the Amazon RDS User Guide.

Rationale

Using a non-default port will prevent a system from being found by routine network sweeps or by IoT search engines.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag                            With Value
secureclouddb/provider         aws
secureclouddb/service          rds
secureclouddb/resource-type    cluster
secureclouddb/engine           mysql

Default Rule

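// `aws` is not defined in this snippet; it is expected to be in scope when the rule runs
const { isAwsRdsCluster } = aws
/**
 * @param {Object} databaseSettings - database settings object
 * @returns {{success: boolean}} success is true if the default port is not used
 */
function validate(databaseSettings) {
    // Passes only for an RDS cluster whose port is not the MySQL default (3306)
    const success = isAwsRdsCluster(databaseSettings) &&
                    databaseSettings.awsDatabaseInstance.rdsCluster.port != 3306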

    return {
        success,
    }
}

// invoke
validate(databaseSettings);
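
The default rule compares the port with a loose `!=`, so a settings object whose `port` field is missing compares as not equal to 3306 and passes if the helper accepts it. The following is an added example, not part of the project's rule set: a fail-closed variant that treats a missing or malformed port as a failure. The `awsStub` helper, the `validateStrict` name, the extra `reason` field and the sample objects are assumptions made so the code runs outside the rule engine.

```javascript
// ASSUMPTION: stand-in for the engine-supplied `aws` helpers. The real
// isAwsRdsCluster is not shown on the page; this stub only checks that the
// rdsCluster object exists.
const awsStub = {
    isAwsRdsCluster: (s) =>
        typeof s?.awsDatabaseInstance?.rdsCluster === 'object' &&
        s.awsDatabaseInstance.rdsCluster !== null,
};

const MYSQL_DEFAULT_PORT = 3306;

/**
 * @param {Object} databaseSettings - database settings object
 * @param {Object} helpers - object exposing isAwsRdsCluster (hypothetical parameter)
 * @returns {{success: boolean, reason: string}} reason is a hypothetical extra field
 */
function validateStrict(databaseSettings, helpers = awsStub) {
    if (!helpers.isAwsRdsCluster(databaseSettings)) {
        return { success: false, reason: 'not an RDS cluster' };
    }
    const raw = databaseSettings.awsDatabaseInstance.rdsCluster.port;
    // Accept a number or an all-digit string; anything else stays as-is and is rejected below
    const port = typeof raw === 'string' && /^\d+$/.test(raw) ? Number(raw) : raw;
    if (!Number.isInteger(port) || port < 1 || port > 65535) {
        return { success: false, reason: 'port missing or invalid' };
    }
    if (port === MYSQL_DEFAULT_PORT) {
        return { success: false, reason: 'default port 3306 in use' };
    }
    return { success: true, reason: 'non-default port' };
}

// Constructed sample settings objects (not real inventory data)
const settingsFor = (port) => ({ awsDatabaseInstance: { rdsCluster: { port } } });
const samples = {
    defaultPort: settingsFor(3306),
    defaultPortAsString: settingsFor('3306'),
    customPort: settingsFor(13306),
    missingPort: { awsDatabaseInstance: { rdsCluster: {} } },
    notRds: { awsDatabaseInstance: {} },
};

for (const [name, settings] of Object.entries(samples)) {
    console.log(name, validateStrict(settings));
}
```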