Ensure that your Amazon RDS database instances are not using their default endpoint ports (i.e. MySQL/Aurora port 3306, SQL Server port 1433, PostgreSQL port 5432, etc.) in order to promote port obfuscation as an additional layer of defense against non-targeted attacks.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
Running your database instances on default ports represents a potential security concern. Moving RDS instance ports (the ports on which the database accepts connections) to non-default ports will add an extra layer of security, protecting your publicly accessible AWS RDS databases from brute force and dictionary attacks.
The following table lists the endpoint default port for each AWS RDS database engine available:
|Database Engine||Default Port Number|
To determine if your existing RDS database instances are using their default ports, perform the following:
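One way to run this check, as an added example that is not Cloud Conformity's own audit procedure: the function below flags instances whose endpoint port equals the engine default, given a response shaped like the output of `aws rds describe-db-instances`. The sample response, instance names and helper names are constructed for illustration, and the MariaDB and Oracle defaults are added beyond the engines this page names.

```python
import json

# Default endpoint ports keyed by RDS engine-name prefix. MySQL/Aurora, SQL Server
# and PostgreSQL are the values named on this page; MariaDB (3306) and Oracle
# (1521) are those engines' well-known defaults, added here as an assumption.
DEFAULT_PORTS = {
    "aurora-postgresql": 5432,
    "aurora": 3306,       # "aurora" and "aurora-mysql"
    "mysql": 3306,
    "mariadb": 3306,
    "postgres": 5432,
    "sqlserver": 1433,    # sqlserver-ex, -web, -se, -ee
    "oracle": 1521,
}

def default_port_for(engine):
    """Return the default port for an RDS engine name, or None if unknown."""
    # Longest prefix first so "aurora-postgresql" is not matched as "aurora".
    for prefix in sorted(DEFAULT_PORTS, key=len, reverse=True):
        if engine.startswith(prefix):
            return DEFAULT_PORTS[prefix]
    return None

def find_default_port_instances(response):
    """List instances in a describe-db-instances response on their default port."""
    findings = []
    for db in response.get("DBInstances", []):
        # Instances that are still being created have no Endpoint yet; skip them.
        port = (db.get("Endpoint") or {}).get("Port")
        if port is None:
            continue
        if port == default_port_for(db.get("Engine", "")):
            findings.append({"id": db["DBInstanceIdentifier"], "engine": db["Engine"],
                             "port": port, "public": db.get("PubliclyAccessible", False)})
    return findings

# Constructed sample input (not real instances).
SAMPLE_RESPONSE = json.loads("""{"DBInstances": [
 {"DBInstanceIdentifier": "orders-mysql", "Engine": "mysql",
  "PubliclyAccessible": true, "Endpoint": {"Port": 3306}},
 {"DBInstanceIdentifier": "bi-postgres", "Engine": "postgres",
  "PubliclyAccessible": false, "Endpoint": {"Port": 6432}},
 {"DBInstanceIdentifier": "hr-mssql", "Engine": "sqlserver-se",
  "PubliclyAccessible": false, "Endpoint": {"Port": 1433}},
 {"DBInstanceIdentifier": "new-aurora", "Engine": "aurora-postgresql"}
]}""")

if __name__ == "__main__":
    for f in find_default_port_instances(SAMPLE_RESPONSE):
        print(f"{f['id']}: {f['engine']} on default port {f['port']} (public={f['public']})")
```

Findings with `public` set to true are the ones the rule's rationale is most concerned with, since those endpoints are reachable from the internet.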
Remediation / Resolution
To change the default port number for your existing RDS database instances, perform the following steps:
You are auditing:
RDS Default Port
Risk level: Low