RDP access should not be accessible from the Internet, should be blocked on port 3389

Property
Language: terraform
Severity: critical
Service: network
Provider: Azure
Vulnerability Type: misconfiguration

Description

The network security group allows inbound RDP (port 3389) access from any IP address, effectively exposing RDP services directly to the public internet. This configuration makes it possible for anyone to attempt remote desktop connections to the resource.

Impact

Exposing RDP to the internet significantly increases the risk of unauthorized access, brute-force attacks, and potential system compromise. An attacker could gain remote control over affected virtual machines, leading to data theft, service disruption, or further attacks within the cloud environment.

RDS Cluster and RDS instance should have backup retention longer than default 1 day

Property
Language: terraform
Severity: medium
Service: rds
Provider: AWS
Vulnerability Type: omission

Description

RDS clusters and instances are configured with the default backup retention period of 1 day or less, which is insufficient for reliable data recovery and issue investigation. The configuration does not explicitly set a longer retention period, increasing the risk of data loss.

Impact

If a database is compromised or data is corrupted, only one day’s worth of backups will be available for recovery, significantly increasing the risk of permanent data loss and reducing the ability to recover from accidental or malicious changes.

RDS Cluster Deletion Protection Disabled

Property
Language: terraform
Severity: medium
Service: rds
Provider: aws
Vulnerability Type: omission

Description

RDS clusters are provisioned without deletion protection enabled, allowing them to be deleted without restriction. This configuration increases the risk of accidental or unauthorized removal of critical database resources.

Impact

Without deletion protection, an attacker or user with sufficient permissions could delete RDS clusters, causing data loss and service outages. Such incidents can disrupt application functionality and result in significant operational and financial consequences.

RDS Deletion Protection Disabled

Property
Language: terraform
Severity: medium
Service: rds
Provider: aws
Vulnerability Type: omission

Description

RDS database instances are provisioned without deletion protection enabled, allowing them to be deleted without additional safeguards. This configuration increases the risk of accidental or unauthorized removal of critical database resources.

Impact

If exploited, attackers or users with sufficient privileges could delete RDS instances, leading to potential loss of data and service disruption. This could result in downtime, loss of business-critical information, and increased recovery time and costs.

RDS encryption has not been enabled at a DB Instance level.

Property
Language: terraform
Severity: high
Service: rds
Provider: AWS
Vulnerability Type: omission

Description

RDS database instances are configured without storage encryption, meaning data at rest is not protected by encryption. This leaves database contents unprotected if the underlying storage is accessed directly.

Impact

If an attacker gains access to the storage or backups of the RDS instance, they could read sensitive data in plaintext. This increases the risk of data breaches and violates compliance requirements for data protection.

RDS IAM Database Authentication Disabled

Property
Language: terraform
Severity: medium
Service: rds
Provider: aws
Vulnerability Type: omission

Description

RDS database instances for PostgreSQL or MySQL are configured without IAM Database Authentication, meaning access is managed solely through static database credentials instead of AWS IAM identities.

Impact

Without IAM authentication, database access is harder to centrally manage and audit, increasing the risk of credential leaks or unauthorized access. Attackers compromising static credentials could gain persistent access to the database, potentially leading to data breaches or unauthorized data manipulation.

RDS Publicly Accessible

Property
Language: terraform
Severity: high
Service: rds
Provider: aws
Vulnerability Type: misconfiguration

Description

RDS database instances are configured to be publicly accessible, exposing their endpoints to the internet. This setting allows external connections to the database from outside the AWS network, increasing the risk of unauthorized access.

Impact

If exploited, attackers could connect directly to the database over the internet, potentially leading to data breaches, unauthorized data manipulation, or service disruption. Public exposure makes sensitive information vulnerable and increases the attack surface for the organization.

Redis cluster should have backup retention turned on

Property
Language: terraform
Severity: medium
Service: elasticache
Provider: AWS
Vulnerability Type: omission

Description

The Redis cluster is configured without a snapshot retention policy, meaning automatic backups are not enabled. This omission leaves the cluster without point-in-time recovery options in case of data loss or failure.

Impact

If the Redis cluster experiences data corruption, accidental deletion, or a critical failure, recovery will be difficult or impossible without backups. This can lead to permanent loss of cached data, potential downtime, and disruption to dependent applications or services.

Redshift cluster should be deployed into a specific VPC

Property
Language: terraform
Severity: high
Service: redshift
Provider: AWS
Vulnerability Type: omission

Description

The Redshift cluster is deployed without specifying a subnet group, causing it to run outside of a defined VPC in EC2 Classic mode. This configuration lacks the network isolation and security controls provided by a VPC.

Impact

Without VPC protection, the Redshift cluster is exposed to broader network access, increasing the risk of unauthorized access or data breaches. Attackers could exploit this exposure to access sensitive data or disrupt cluster operations.

Redshift clusters should use at rest encryption

Property
Language: terraform
Severity: high
Service: redshift
Provider: AWS
Vulnerability Type: omission

Description

Redshift clusters are not configured to use encryption at rest, which means data stored within the cluster is not protected if the underlying storage is accessed or compromised. Encryption is disabled or missing a customer-managed KMS key in the resource definition.

Impact

If the infrastructure is breached or physical storage is accessed, unencrypted data in the Redshift cluster could be exposed, leading to potential data leakage of sensitive or regulated information and resulting in compliance violations or financial loss.