Best practice rules for Alibaba Cloud RDS
- Disable Public Access
Ensure that RDS database instances are not publicly accessible.
- Enable "log_connections" Parameter for PostgreSQL Database Instances
Enable that "log_connections" parameter is enabled for RDS database instances.
- Enable "log_disconnections" Parameter for PostgreSQL Database Instances
Enable that "log_disconnections" parameter is enabled for RDS database instances.
- Enable "log_duration" Parameter for PostgreSQL Database Instances
Ensure that "log_duration" parameter is enabled for RDS database instances.
- Enable Encryption in Transit
Ensure that RDS database instances are configured to enforce SSL for all incoming connections.
- Enable SQL Auditing for MySQL Database Instances
Ensure that SQL auditing is enabled for applicable MySQL database instances.
- Enable SQL Auditing for PostgreSQL Database Instances
Ensure that SQL auditing is enabled for applicable PostgreSQL database instances.
- Enable SQL Auditing for RDS Database Instances
Ensure that SQL auditing is enabled for RDS applicable database instances.
- Enable SQL Auditing for SQL Server Database Instances
Ensure that SQL auditing is enabled for applicable SQL Server database instances.
- Enable Transparent Data Encryption
Ensure that Transparent Data Encryption is enabled for RDS database instances.
- Enable Transparent Data Encryption with Customer Managed Keys
Ensure that Transparent Data Encryption (TDE) is using custom keys for TDE protector.
- SQL Audit Logs Retention Period
Ensure that SQL database audit retention period is greater than or equal to 6 months.