Ensure that your Amazon RDS instances are using the dedicated data-tier security group in order to control and secure the access to their databases. This conformity rule assumes that all AWS resources provisioned for your data tier are tagged with <data_tier_tag>:<data_tier_tag_value>, where <data_tier_tag> represents the tag name and <data_tier_tag_value> represents the tag value. Prior to running this rule by the Cloud Conformity engine, the data-tier tags must be configured in the rule settings, on your Cloud Conformity account dashboard.
The network access to your managed data tier must be tightly controlled using the security group created specifically for the AWS resources within this tier. Note: Make sure that you replace all <data_tier_tag>:<data_tier_tag_value> tag placeholders found in the conformity rule content with your own tag name and value created for the data tier.
To determine if your data-tier RDS instances are configured to use the security group created for the same tier, perform the following:
To reconfigure your Amazon RDS database instances in order to use the data-tier security group, perform the following actions: