my-sql-instance
Overview
Critical: 0
High: 1
Medium: 9
Low: 1
Informational: 0

Security issues (11)

Severity | Non-Compliance | Issue | Remediation | Read more | Action |
---|---|---|---|---|---|
Medium | CIS 6.1.1 | SQL database instance can be accessed by the root user from any host. | To ensure secure access, limit root access to SQL instances to allowed IPs only. | More info | |
Medium | — | SQL database instance is publicly accessible from all IP addresses. | To fulfill HIPAA and PCI DSS requirements on strict access and integrity controls, ensure that all SQL instances are configured to accept connections from trusted networks and IP addresses only. | More info | |
Medium | HIPAA (Backup) | SQL database instance has no backup run, so it cannot be restored to a recent point. | To fulfill HIPAA requirements on restoring compromised services, ensure that all SQL instances are configured to have automated (scheduled) backups and can be restored to a recent point. | More info | |
Medium | CIS 6.7 | SQL database instance does not have an automated backup enabled. | Ensure that automated backups are enabled for all SQL database instances. | More info | |
Medium | — | SQL database instance does not have multi-AZ enabled. | Ensure that all SQL instances are created with a secondary AZ to ensure proper failover. | More info | |
Medium | CIS 6.4 PCI DSS 4.2 HIPAA (Encryption) | SQL database instance has SSL/TLS disabled. | To fulfill HIPAA and PCI DSS requirements on strong cryptographic and security protocols for transmitting user data, require all incoming connections to your SQL database instances to use SSL/TLS only. | More info | |
Medium | CIS 6.1.3 | MySQL database instance has "local_infile" flag enabled. | To follow best practices on data security, ensure all your MySQL database instances have the "local_infile" flag disabled. | More info | |
Medium | — | MySQL database instance has "slow_query_log" flag disabled. | To simplify the task of finding inefficient or time-consuming SQL queries, ensure all your MySQL database instances have the "slow_query_log" flag enabled. | More info | |
Medium | CIS 6.6 | SQL database instance has public IPs. | To reduce the application's attack surface, ensure your SQL database instances are configured to use private IP addresses instead of public IPs. | More info | |
Low | — | SQL database instance has its automatic storage increase limit set to zero (no limit for storage growth). | To prevent your SQL instance disk size from growing too large and increasing service costs, ensure your SQL database instances are configured with an optimal automatic storage increase limit. | More info | |
High | PCI DSS 3.5 HIPAA (Encryption) | SQL database instance is not encrypted using Customer-Managed Keys (CMK). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, make sure your SQL database instances are encrypted using CMK. | More info | |