AWSConfigRemediation-DisablePublicAccessToRDSInstance
Description
The AWSConfigRemediation-DisablePublicAccessToRDSInstance
runbook
disables public accessibility for the Amazon Relational Database Service (Amazon RDS) database (DB) instance that
you specify.
Document type
Automation
Owner
Amazon
Platforms
Databases
Parameters
-
AutomationAssumeRole
Type: String
Description: (Required) The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows Systems Manager Automation to perform the actions on your behalf.
-
DbiResourceId
Type: String
Description: (Required) The resource identifier for the DB instance that you want to disable public accessibility for.
Required IAM permissions
The AutomationAssumeRole
parameter requires the following actions to
use the runbook successfully.
-
ssm:StartAutomationExecution
-
ssm:GetAutomationExecution
-
rds:DescribeDBInstances
-
rds:ModifyDBInstance
Document Steps
-
aws:executeAwsApi
- Gathers the DB instance identifier from the DB instance resource identifier. -
aws:assertAwsResourceProperty
- Verifies the DB instances is in anAVAILABLE
state. -
aws:executeAwsApi
- Disables public accessibility on your DB instance. -
aws:waitForAwsResourceProperty
- Waits for the DB instance to change to aMODIFYING
state. -
aws:waitForAwsResourceProperty
- Waits for the DB instance to change to anAVAILABLE
state. -
aws:assertAwsResourceProperty
- Confirms public accessibility is disabled on the DB instance.