Notify All Publicly Open AWS RDS Instances Once in a Week

Updated 2 months ago by Totalcloud

Unintentionally open AWS RDS instances, that is, DB instances whose security groups accept inbound traffic from anywhere, are a security threat and may cause havoc if neglected.

There's a template already available in the web app for this use case. This workflow template automatically fetches all open RDS instances and emails you the list for review every week.

Please find below the information on how this template works and how you can customize it according to your needs.

How Does This Template Work?

  1. Trigger node initiates the workflow once every seven days.
  2. Resource node fetches all RDS DB instances belonging to the selected AWS account and AWS region.
  3. Resource node's Add-on feature fetches the security group details of the selected DB instances.
  4. Filter node looks up the inbound rules of those security groups and keeps the ones open to the whole internet (0.0.0.0/0).
  5. Notification node sends an email to the concerned team(s) or stakeholder(s) with the list of all the publicly open DB instances.
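The same check in code, as an added example that is not Totalcloud's workflow code: it reproduces the Resource, Add-on and Filter steps above over the AWS API response shapes of DescribeDBInstances and DescribeSecurityGroups, and also reports the instance's PubliclyAccessible flag, since an open security group on an instance in a private subnet is a misconfiguration while the same rule on a PubliclyAccessible instance is directly reachable. The sample data, group ids and instance names are constructed for illustration; the live variant assumes read-only RDS and EC2 credentials are configured for boto3.

```python
"""Weekly check for RDS DB instances whose security groups are open to the world.

Added example (not Totalcloud's workflow code). The offline part needs no AWS
SDK; fetch_from_aws() uses boto3 to pull the same two data sets live.
"""
from __future__ import annotations

from typing import Dict, List

# Inbound sources that mean "anyone on the internet" (IPv4 and IPv6).
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}


def open_ingress_rules(security_group: dict) -> List[str]:
    """Describe each inbound rule of one security group that admits the whole internet."""
    findings: List[str] = []
    for perm in security_group.get("IpPermissions", []):
        proto = perm.get("IpProtocol", "-1")
        if proto == "-1":  # -1 means every protocol, hence every port
            ports = "all ports"
        else:
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            ports = f"{proto}/{lo}" if lo == hi else f"{proto}/{lo}-{hi}"
        cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
        cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if cidr in WORLD_CIDRS:
                findings.append(f"{ports} from {cidr}")
    return findings


def publicly_open_instances(db_instances: List[dict], security_groups: List[dict]) -> Dict[str, dict]:
    """Map DBInstanceIdentifier -> {publicly_accessible, open_rules} for instances with an open rule."""
    sg_by_id = {sg["GroupId"]: sg for sg in security_groups}
    report: Dict[str, dict] = {}
    for db in db_instances:
        open_rules: List[str] = []
        for ref in db.get("VpcSecurityGroups", []):
            if ref.get("Status", "active") != "active":
                continue  # a group that is being detached no longer grants access
            sg = sg_by_id.get(ref.get("VpcSecurityGroupId"))
            if sg is None:
                continue
            open_rules += [f"{sg['GroupId']}: {rule}" for rule in open_ingress_rules(sg)]
        if open_rules:
            report[db["DBInstanceIdentifier"]] = {
                "publicly_accessible": bool(db.get("PubliclyAccessible", False)),
                "open_rules": open_rules,
            }
    return report


def format_email_body(report: Dict[str, dict]) -> str:
    """Plain-text body for the weekly notification, one instance per block."""
    if not report:
        return "No RDS DB instances with world-open inbound rules were found."
    lines = [f"{len(report)} RDS DB instance(s) have world-open inbound rules:"]
    for ident, info in sorted(report.items()):
        flag = "PubliclyAccessible" if info["publicly_accessible"] else "private subnet"
        lines.append(f"- {ident} ({flag})")
        lines.extend(f"    {rule}" for rule in info["open_rules"])
    return "\n".join(lines)


def fetch_from_aws(region_name: str) -> Dict[str, dict]:
    """Live variant: pull both data sets with boto3 (assumes read-only RDS/EC2 credentials)."""
    import boto3  # imported here so the offline part of the module needs no AWS SDK

    rds = boto3.client("rds", region_name=region_name)
    ec2 = boto3.client("ec2", region_name=region_name)
    db_instances = [db for page in rds.get_paginator("describe_db_instances").paginate()
                    for db in page["DBInstances"]]
    group_ids = sorted({ref["VpcSecurityGroupId"] for db in db_instances
                        for ref in db.get("VpcSecurityGroups", [])})
    security_groups = ec2.describe_security_groups(GroupIds=group_ids)["SecurityGroups"] if group_ids else []
    return publicly_open_instances(db_instances, security_groups)


# Constructed sample data in the shape of the two API responses (not real AWS output).
SAMPLE_DB_INSTANCES = [
    {"DBInstanceIdentifier": "orders-prod", "DBName": "orders", "PubliclyAccessible": True,
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0aaa", "Status": "active"}]},
    {"DBInstanceIdentifier": "analytics-internal", "DBName": "analytics", "PubliclyAccessible": False,
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0bbb", "Status": "active"}]},
    {"DBInstanceIdentifier": "legacy-ipv6", "DBName": "legacy", "PubliclyAccessible": False,
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0ccc", "Status": "active"}]},
]
SAMPLE_SECURITY_GROUPS = [
    {"GroupId": "sg-0aaa", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
                                              "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
                                              "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0ccc", "IpPermissions": [{"IpProtocol": "-1", "IpRanges": [],
                                              "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]

if __name__ == "__main__":
    print(format_email_body(publicly_open_instances(SAMPLE_DB_INSTANCES, SAMPLE_SECURITY_GROUPS)))
```

Running the module prints the report for the sample data: orders-prod is flagged (MySQL port open to 0.0.0.0/0 on a PubliclyAccessible instance), legacy-ipv6 is flagged for an all-ports IPv6 rule, and analytics-internal is not listed because its only inbound source is a private range. Scheduling this weekly with cron or an EventBridge rule gives the same cadence as the template's Trigger node.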

Steps to Customize this Template

  1. Open the template and check for all the nodes' connectivity.
  2. Double click on Trigger node. Add or modify the following details as per your requirement:
    1. Retain the 'Recurrent' and 'Every Seven Days' selections. If you would rather run the workflow every morning, select 'Schedule' and select all the days of the week.
    2. Click on Save Node.
  3. Double click on Resource node. Add or modify the following details as per your requirement:
    1. Select your AWS account from the drop down menu.
    2. Select the AWS region you want to pick the resources from.
    3. Retain the AWS Service name 'RDS' entry.
    4. Retain the AWS Resource name 'DB Instances' entry.
    5. Retain the 'Security Groups' selection in the 'Add-ons' entry.
    6. To check only specific DB instances, replace the VALUE placeholders in the Advanced Filters script, as shown below.
    {
        /*---------- optional params ----------*/

        /* Use the keyword MAP in place of a value to autofill it from the previous node's data. */

        "DBInstanceIdentifier": "VALUE",
        "Filters": [
            "VALUE",
            "VALUE"
        ],
        "MaxRecords": [
            "VALUE",
            "VALUE"
        ]
    }
    7. Click on Save Node.
  4. Double click on Filter node. Retain the Security Group filter selection and all its rules. To fine-tune the filtering further, add more conditions.
  5. Click on Save Node.
  6. Double click on Report node. Add or modify the following details as per your requirement:
    1. Retain the 'Passthrough' selection.
    2. Retain the 'DBName' and 'DBInstanceIdentifier' selections.
  7. Click on 'Save the Workflow'.
  8. Click on 'Validate the Workflow with the policy'.
  9. Click on 'Run Now'.
