
Restricting access to Elasticsearch/Opensearch service
Elasticsearch/OpenSearch domains that are not required to be openly accessible should be created without a public endpoint to prevent arbitrary public access to the domain.
Elasticsearch/OpenSearch domains that are not required to be openly accessible should be created without a public endpoint to prevent arbitrary public access to the domain.
Publicly exposed database instances can attract a lot of brute force attacks and may lead to a compromise of the database as well. If a database requires a public IP address, then one must make sure to restrict the public access to only trusted IP addresses.
Encrypting data at rest is a security best practice. RDS instances must also be encrypted. If you have an existing unencrypted RDS instance, this article will guide you on how you can migrate it to an encrypted one.
Exposing AWS RDS database instances to the internet is generally a bad security practice since it contains data meant to be consumed by specific instances only. If that is the case for you as well, follow this article to see how you can restrict access to your RDS Instances.
Public AWS RDS database snapshots are accessible to any AWS user. If you have created a public RDS snapshot that may contain sensitive or private information and would like to change it to a private snapshot, follow this step-by-step guide.
A cloud administrator can create an instance with all tools and software installed and then make an image out of this to be reused in the future. This image could contain proprietary data and code etc. that could be abused by an attacker if they gain access to the AMI.