Back to All Checks
High GuardDuty Regional

GuardDuty RDS Protection should be enabled

PCI DSS v4.0.1PCI DSS v11.5.1

Description

This control checks whether GuardDuty RDS Protection is enabled. For a standalone account, the control fails if GuardDuty RDS Protection is disabled. In a multi-account environment, the control fails if the delegated GuardDuty administrator account and all member accounts do not have RDS Protection enabled. RDS Protection in GuardDuty analyzes and profiles RDS login activity for potential access threats to your Amazon Aurora databases (Aurora MySQL-Compatible Edition and Aurora PostgreSQL-Compatible Edition). This feature allows you to identify potentially suspicious login behavior. RDS Protection doesn't require additional infrastructure and is designed so as not to affect the performance of your database instances.

Remediation

To enable GuardDuty RDS Protection, you need to configure the RDS Protection settings in GuardDuty.

Steps

  1. Navigate to the Amazon GuardDuty console
  2. Go to 'Settings' in the left navigation
  3. Select 'RDS Protection'
  4. Enable 'RDS Protection'
  5. Configure the protection settings as needed
  6. Save the configuration
  7. Verify that RDS Protection is active

Compliance

PCI DSS v4.0.1PCI DSS v11.5.1
Start Your Free Security Check