my-sql-instance3
Overview
Critical: 1
High: 1
Medium: 13
Low: 1
Informational: 0
Security issues (16)
Severity | Non-Compliance | Issue | Remediation | Read more | Action |
---|---|---|---|---|---|
Medium | — | SQL database instance is publicly accessible from all IP addresses. | To fulfill HIPAA and PCI DSS requirements on strict access and integrity controls, ensure that all SQL instances are configured to accept connections from trusted networks and IP addresses only. | More info | |
Medium | HIPAA (Backup) | SQL database instance has no backup run, so it cannot be restored to a recent point. | To fulfill HIPAA requirements on restoring compromised services, ensure that all SQL instances are configured to have automated (scheduled) backups and can be restored to a recent point. | More info | |
Medium | CIS 6.7 | SQL database instance does not have an automated backup enabled. | Ensure that automated backups are enabled for all SQL database instances. | More info | |
Medium | — | SQL database instance does not have multi-AZ enabled. | Ensure that all SQL instances are created with a secondary AZ to ensure proper failover. | More info | |
Medium | CIS 6.4 PCI DSS 4.2 HIPAA (Encryption) | SQL database instance has SSL/TLS disabled. | To fulfill HIPAA and PCI DSS requirements on strong cryptographic and security protocols for transmitting user data, enforce all incoming connections to your SQL database instances to use SSL/TLS only. | More info | |
Medium | — | PostgreSQL database instance has "log_checkpoints" flag disabled. | To allow checkpoints and restart points to be logged, ensure all your PostgreSQL database instances have the "log_checkpoints" flag enabled. | More info | |
Medium | CIS 6.2.2 | PostgreSQL database instance has "log_connections" flag disabled. | To have each attempted connection to the database instance logged, ensure all your PostgreSQL database instances have the "log_connections" flag enabled. | More info | |
Medium | CIS 6.2.3 | PostgreSQL database instance has "log_disconnections" flag disabled. | To ensure the database logs the end of each session, ensure all your PostgreSQL database instances have the "log_disconnections" flag enabled. | More info | |
Medium | — | PostgreSQL database instance has "log_lock_waits" flag disabled. | To diagnose poor performance due to locking delays and identify underlying security and performance issues, ensure all your PostgreSQL database instances have the "log_lock_waits" flag enabled. | More info | |
Medium | CIS 6.2.8 | PostgreSQL database instance has "log_min_duration_statement" flag enabled. | To avoid logging statements with sensitive information, ensure all your PostgreSQL database instances have the "log_min_duration_statement" flag set to -1 (i.e. disabled). | More info | |
Medium | CIS 6.2.7 | PostgreSQL database instance does not have "log_min_error_statement" flag set to Error. | As the best practice setting, ensure all your PostgreSQL database instances have the "log_min_error_statement" flag (the minimum message severity level considered an error statement) set to Error (or stricter). | More info | |
Medium | — | PostgreSQL database instance has "log_temp_files" flag disabled. | To diagnose potential performance issues that can be created by poor programming practices, ensure all your PostgreSQL database instances have the "log_temp_files" flag set to 0 (enabled). | More info | |
Critical | — | SQL database instance SSL certificate expired 34 days ago. | Ensure that all incoming connections to your SQL database instances remain secure by rotating all the server certificates before they expire. | More info | |
Medium | CIS 6.6 | SQL database instance has public IPs. | To reduce the application's attack surface, ensure your SQL database instances are configured to use private IP addresses instead of public IPs. | More info | |
Low | — | SQL database instance has automatic storage increase limit set to zero (no limit for storage growth). | To prevent your SQL instance disk size from growing too large and increasing service costs, ensure your SQL database instances are configured with an optimal automatic storage increase limit. | More info | |
High | PCI DSS 3.5 HIPAA (Encryption) | SQL database instance is not encrypted using Customer-Managed Keys (CMK). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, make sure your SQL database instances are encrypted using CMK. | More info | |