Description

Check that the IP that your RDS instance hostname resolves to is a public IP address. 


Rationale:  

It is recommended that RDS instances not be publicly accessible to other services and resources in AWS. A public RDS instance means that unauthorized actors could access your data, which can lead to misuse of the data.


Remediation: 

  • Ensure that the RDS instance has the publicly accessible attribute set so that it is assigned a public address.
  • Also, according to the AWS RDS docs, "If you want your DB instance in the VPC to be publicly accessible, you must enable the VPC attributes DNS hostnames and DNS resolution."
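
The check from the Description can be scripted as below. This is an added example, not code from the original page: it takes entries shaped like the `DBInstances` list returned by `aws rds describe-db-instances`, and reports for each one whether `PubliclyAccessible` is set and whether the endpoint hostname resolves to a public IP. The instance names, hostnames and addresses are constructed sample values, and `sample_resolver` is a hypothetical stand-in for live DNS.

```python
import ipaddress
import socket

def resolve(hostname):
    """Live DNS lookup: the set of addresses the endpoint hostname resolves to."""
    return {info[4][0] for info in socket.getaddrinfo(hostname, None)}

def audit_instance(db, resolver=resolve):
    """db is one DBInstances entry from `aws rds describe-db-instances`."""
    host = (db.get("Endpoint") or {}).get("Address")
    report = {"id": db["DBInstanceIdentifier"],
              "publicly_accessible": bool(db.get("PubliclyAccessible")),
              "public_ips": [], "error": None}
    if not host:                       # e.g. instance still being created
        report["error"] = "no endpoint"
        return report
    try:
        addrs = resolver(host)
    except OSError as exc:             # socket.gaierror is a subclass of OSError
        report["error"] = f"resolution failed: {exc}"
        return report
    # is_global is False for RFC 1918, loopback, link-local and CGNAT addresses.
    report["public_ips"] = sorted(
        a for a in addrs if ipaddress.ip_address(a).is_global)
    return report

# Constructed sample data (assumed values, not real instances or addresses).
SAMPLE_INSTANCES = [
    {"DBInstanceIdentifier": "db-public", "PubliclyAccessible": True,
     "Endpoint": {"Address": "db-public.example.us-east-1.rds.amazonaws.com"}},
    {"DBInstanceIdentifier": "db-private", "PubliclyAccessible": False,
     "Endpoint": {"Address": "db-private.example.us-east-1.rds.amazonaws.com"}},
    {"DBInstanceIdentifier": "db-creating", "PubliclyAccessible": True},
    {"DBInstanceIdentifier": "db-nodns", "PubliclyAccessible": True,
     "Endpoint": {"Address": "db-nodns.example.us-east-1.rds.amazonaws.com"}},
]
SAMPLE_DNS = {
    "db-public.example.us-east-1.rds.amazonaws.com": {"52.0.0.10"},
    "db-private.example.us-east-1.rds.amazonaws.com": {"10.0.1.25"},
}

def sample_resolver(host):
    """Hypothetical offline resolver backed by SAMPLE_DNS."""
    if host not in SAMPLE_DNS:
        raise socket.gaierror(socket.EAI_NONAME, "name not known")
    return SAMPLE_DNS[host]

if __name__ == "__main__":
    for db in SAMPLE_INSTANCES:
        print(audit_instance(db, sample_resolver))
```

Run the live lookup from outside the VPC: from inside the VPC, the endpoint of a publicly accessible instance resolves to its private address.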

Reference: