Ensure Change Default Port

Description

By default, Amazon RDS Postgres instances listen for incoming connections on port 5432, as documented in the Amazon RDS User Guide.

Rationale

Using non-default ports will prevent a system from being found with routine network sweeps or by IoT search engines.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag                             With Value
secureclouddb/provider          aws
secureclouddb/service           rds
secureclouddb/resource-type     cluster
secureclouddb/engine            postgres

Default Rule

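// Helper predicates taken from the `aws` object in the rule's scope
const { isAwsRdsCluster, isAwsRdsClusterServerless } = aws
/**
 * @param {Object} databaseSettings - database settings object
 * @returns {{success: boolean}} success is true when the resource is an RDS cluster
 *          that is serverless or listens on a port other than 5432
 */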
function validate(databaseSettings) {
    const success = isAwsRdsCluster(databaseSettings) && (
                    isAwsRdsClusterServerless(databaseSettings) ||
                    databaseSettings.awsDatabaseInstance.rdsCluster.port != 5432)

    return {
        success,
    }
}

// invoke
validate(databaseSettings);
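
The following is an added example, not part of the original rule or the project's own code. It runs the rule's logic outside the rule engine against constructed settings objects and compares it with a stricter variant that treats a missing or non-numeric port as a failure. The `awsStub` helpers, the `engineMode` field, and the function names `validateAsWritten` and `validateStrict` are assumptions; only the `awsDatabaseInstance.rdsCluster.port` path comes from the page.

```javascript
const DEFAULT_POSTGRES_PORT = 5432;

// Hypothetical stand-ins for the `aws` helpers the rule engine provides.
const awsStub = {
    isAwsRdsCluster: (s) => Boolean(s?.awsDatabaseInstance?.rdsCluster),
    isAwsRdsClusterServerless: (s) =>
        s?.awsDatabaseInstance?.rdsCluster?.engineMode === 'serverless',
};

// The page's rule, with the helpers passed in so it runs stand-alone.
function validateAsWritten(settings, aws = awsStub) {
    const success = aws.isAwsRdsCluster(settings) && (
        aws.isAwsRdsClusterServerless(settings) ||
        settings.awsDatabaseInstance.rdsCluster.port != DEFAULT_POSTGRES_PORT);
    return { success };
}

// Stricter variant: a missing or non-numeric port fails instead of passing.
function validateStrict(settings, aws = awsStub) {
    if (!aws.isAwsRdsCluster(settings)) return { success: false, reason: 'not an RDS cluster' };
    if (aws.isAwsRdsClusterServerless(settings)) return { success: true, reason: 'serverless' };
    const port = Number(settings.awsDatabaseInstance.rdsCluster.port);
    if (!Number.isInteger(port) || port < 1 || port > 65535) {
        return { success: false, reason: 'port missing or invalid' };
    }
    return port === DEFAULT_POSTGRES_PORT
        ? { success: false, reason: 'default port 5432 in use' }
        : { success: true, reason: `custom port ${port}` };
}

// Constructed sample inputs (not real cluster data).
const cluster = (rdsCluster) => ({ awsDatabaseInstance: { rdsCluster } });
const samples = {
    provisionedDefault: cluster({ port: 5432 }),
    provisionedCustom: cluster({ port: 6543 }),
    portAsString: cluster({ port: '5432' }),   // loose != still matches 5432
    serverlessDefault: cluster({ port: 5432, engineMode: 'serverless' }),
    portMissing: cluster({}),                  // undefined != 5432 is true
    notACluster: { awsDatabaseInstance: {} },
};

// Print both verdicts side by side for each sample.
for (const [name, s] of Object.entries(samples)) {
    console.log(name, validateAsWritten(s).success, JSON.stringify(validateStrict(s)));
}
```

The two versions disagree only on `portMissing`: the rule as written reports success when the port field is absent, because `undefined != 5432` evaluates to true.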