Ensure Change Default Port


Amazon RDS Postgres instances listen for incoming connections on port 5432 by default, as documented in the Amazon RDS User Guide.


Using non-default ports will prevent a system from being found with routine network sweeps or by IoT search engines.

Applies To

  • Databases


This rule is applied when the following tags are present:

Tag                              With Value
secureclouddb/provider           aws
secureclouddb/service            rds
secureclouddb/resource-type      cluster
secureclouddb/engine             postgres

Default Rule

const { isAwsRdsCluster, isAwsRdsClusterServerless } = aws

/**
 * @param {Object} databaseSettings - database settings object
 * @returns {Object} result object; success is true if the cluster is serverless or the default port is not used
 */
function validate(databaseSettings) {
    // Serverless clusters pass; other RDS clusters pass only on a non-default port.
    const success = isAwsRdsCluster(databaseSettings) && (
                    isAwsRdsClusterServerless(databaseSettings) ||
                    databaseSettings.awsDatabaseInstance.rdsCluster.port != 5432)

    return {
        // any further fields of the result object are not shown on the page
        success
    }
}

// invoke
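The same port check applied to cluster records shaped like the `DBClusters` array from `aws rds describe-db-clusters`, as an added example that is not part of the secureclouddb rule or its code. It goes slightly beyond the rule above by reporting a missing or invalid port as `unknown` instead of passing it; the sample records, the helper names, and the mapping of the `postgres` tag and the serverless exemption onto the `Engine` and `EngineMode` fields are assumptions.

```javascript
// Added example: apply the port rule to describe-db-clusters style records.
const DEFAULT_POSTGRES_PORT = 5432;

// Constructed sample data, shaped like the DBClusters array returned by
// `aws rds describe-db-clusters` (identifiers are made up).
const sampleClusters = [
  { DBClusterIdentifier: "orders-db", Engine: "aurora-postgresql", EngineMode: "provisioned", Port: 5432 },
  { DBClusterIdentifier: "billing-db", Engine: "aurora-postgresql", EngineMode: "provisioned", Port: 6432 },
  { DBClusterIdentifier: "reports-db", Engine: "aurora-postgresql", EngineMode: "serverless", Port: 5432 },
  { DBClusterIdentifier: "legacy-db", Engine: "aurora-mysql", EngineMode: "provisioned", Port: 3306 },
  { DBClusterIdentifier: "ha-db", Engine: "postgres", EngineMode: "provisioned", Port: "5432" },
  { DBClusterIdentifier: "broken-db", Engine: "postgres" },
];

// Assumption: the rule's "postgres" engine tag covers both of these Engine values.
const POSTGRES_ENGINES = new Set(["postgres", "aurora-postgresql"]);

// Returns { id, status, reason } with status one of pass, fail, skipped, unknown.
function checkCluster(cluster) {
  const id = cluster.DBClusterIdentifier;
  if (!POSTGRES_ENGINES.has(cluster.Engine)) {
    return { id, status: "skipped", reason: "not a Postgres engine" };
  }
  // Assumption: EngineMode "serverless" is what the rule treats as serverless.
  if (cluster.EngineMode === "serverless") {
    return { id, status: "pass", reason: "serverless cluster is exempt" };
  }
  // Port may arrive as a string after an export round trip; normalise first.
  const port = Number(cluster.Port);
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    return { id, status: "unknown", reason: "port missing or invalid" };
  }
  return port === DEFAULT_POSTGRES_PORT
    ? { id, status: "fail", reason: `listens on default port ${port}` }
    : { id, status: "pass", reason: `listens on port ${port}` };
}

function auditClusters(clusters) {
  return clusters.map(checkCluster);
}

// Identifiers of clusters that still listen on 5432.
function failingClusters(clusters) {
  return auditClusters(clusters).filter((r) => r.status === "fail").map((r) => r.id);
}

for (const r of auditClusters(sampleClusters)) {
  console.log(`${r.status.padEnd(8)} ${r.id}: ${r.reason}`);
}
```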