Change Default Port


By default, Amazon RDS MySQL instances listen for incoming connections on port 3306, as documented in the Amazon RDS User Guide.


Using a non-default port keeps an instance from being found by routine network sweeps or by IoT search engines that probe only well-known ports.

Applies To

  • Databases


This rule is applied when the following tags are present:

Tag                            With Value
secureclouddb/provider         aws
secureclouddb/service          rds
secureclouddb/resource-type    cluster
secureclouddb/engine           mysql

Default Rule

const { isAwsRdsCluster } = aws

/**
 * @param {Object} databaseSettings - database settings object
 * @returns {Object} result object; success is true if the default port is not used
 */
function validate(databaseSettings) {
    // Pass only for an AWS RDS cluster whose port is not the MySQL default (3306)
    const success = isAwsRdsCluster(databaseSettings) &&
                    databaseSettings.awsDatabaseInstance.rdsCluster.port != 3306

    return {
        success
    }
}

// invoke
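
An added example, not the rule engine's own code: the same port check applied to records shaped like the `DBClusters` array of an `aws rds describe-db-clusters` response, treating a missing or malformed port as unknown instead of letting it pass. The function names and the sample records are constructed for illustration.

```javascript
// Added example. Field names (DBClusterIdentifier, Engine, Port) follow the
// DescribeDBClusters response; everything else here is hypothetical.
const MYSQL_DEFAULT_PORT = 3306;
const MYSQL_ENGINES = new Set(["mysql", "aurora-mysql"]);

// Returns "skipped" (not a MySQL-family cluster), "unknown" (no usable port),
// "default-port" (listening on 3306) or "ok" (non-default port).
function classifyCluster(cluster) {
  if (!cluster || !MYSQL_ENGINES.has(cluster.Engine)) return "skipped";
  const port = Number(cluster.Port);
  // `undefined != 3306` is true, so a loose comparison on its own would
  // report success for a record with no port. Require a valid port first.
  if (!Number.isInteger(port) || port < 1 || port > 65535) return "unknown";
  return port === MYSQL_DEFAULT_PORT ? "default-port" : "ok";
}

// Groups cluster identifiers by classification.
function auditClusters(response) {
  const findings = { ok: [], "default-port": [], unknown: [], skipped: [] };
  for (const cluster of (response && response.DBClusters) || []) {
    if (!cluster) continue;
    findings[classifyCluster(cluster)].push(cluster.DBClusterIdentifier);
  }
  return findings;
}

// Constructed sample data, not real API output.
const sampleResponse = {
  DBClusters: [
    { DBClusterIdentifier: "orders", Engine: "aurora-mysql", Port: 3306 },
    { DBClusterIdentifier: "billing", Engine: "mysql", Port: 13306 },
    { DBClusterIdentifier: "legacy", Engine: "aurora-mysql", Port: "3306" },
    { DBClusterIdentifier: "staging", Engine: "mysql" },
    { DBClusterIdentifier: "analytics", Engine: "aurora-postgresql", Port: 5432 },
  ],
};

console.log(auditClusters(sampleResponse));
```

Clusters reported as `unknown` need a manual look, since the record gives no port to compare against 3306.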