AWS DMS replication instance is publicly accessible
Description
AWS Database Migration Service (AWS DMS) is a service for migrating relational databases, data warehouses, NoSQL databases and other data stores. DMS can be used to migrate data into the AWS Cloud, between on-premises instances, or between combinations of cloud and on-premises environments. An AWS DMS replication instance can have one public IP address and one private IP address, just like an Amazon Elastic Compute Cloud (Amazon EC2) instance that has a public IP address. If you uncheck (disable) the box for Publicly accessible, then the replication instance has only a private IP address.
Code Example
go
resource "aws_dms_replication_instance" "test" {
...
allocated_storage = 20
+ publicly_accessible = false
}Remediation
Terraform
- Resource: aws_dms_replication_instance
- Arguments: publicly_accessible - (Optional, Default: false) Specifies the accessibility options for the replication instance.
A value of true represents an instance with a public IP address. A value of false represents an instance with a private IP address.
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0142 |
| Severity | LOW |
| IaC Type | Cloudformation |
| Frameworks | CloudFormation, Terraform, TerraformPlan, Serverless |
| Checkov ID | CKV_AWS_89 |