Updated on 2025-08-25 GMT+08:00

RDS Default Port Check

Rule Details

Table 1 Rule details

| Parameter | Description |
|---|---|
| Rule Name | rds-instance-port-check |
| Identifier | RDS Default Port Check |
| Description | If an RDS instance has unallowed ports enabled, this instance is non-compliant. |
| Tag | rds |
| Trigger Type | Configuration change |
| Filter Type | rds.instances |

Rule Parameters

  • blockedPortsForMysql: Unallowed MySQL database ports. The value must be an array.
  • blockedPortsForMariadb: Unallowed MariaDB ports. The value must be an array.
  • blockedPortsForPostgresql: Unallowed PostgreSQL ports. The value must be an array.
  • blockedPortsForSqlserver: Unallowed SQL Server ports. The value must be an array.

Application Scenarios

Traffic on a default port is more likely to be eavesdropped on, so using a non-default port is recommended. The default ports are 3306 for MySQL, 3306 for MariaDB, 5432 for PostgreSQL, and 1433 for SQL Server.

Rule Logic

  • If an RDS for MySQL instance uses a port that is forbidden by blockedPortsForMysql, the RDS instance is non-compliant.
  • If an RDS for PostgreSQL instance uses a port that is forbidden by blockedPortsForPostgresql, the RDS instance is non-compliant.
  • If an RDS for MariaDB instance uses a port that is forbidden by blockedPortsForMariadb, the RDS instance is non-compliant.
  • If an RDS for SQL Server instance uses a port that is forbidden by blockedPortsForSqlserver, the RDS instance is non-compliant.
  • If an RDS instance does not use any forbidden port, the RDS instance is compliant.
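The rule logic above can be reproduced offline against an exported instance inventory. The following is an added example, not the Config service's own code; it assumes each engine is checked against its own blockedPortsFor... parameter, and the instance fields `engine` and `port`, the engine strings, and the sample inventory are hypothetical.

```python
# Added illustration of the rule logic; not the Config service's implementation.
# Assumption: each instance is a dict with "engine" and "port" keys (hypothetical shape).
PARAM_BY_ENGINE = {
    "mysql": "blockedPortsForMysql",
    "mariadb": "blockedPortsForMariadb",
    "postgresql": "blockedPortsForPostgresql",
    "sqlserver": "blockedPortsForSqlserver",
}

def blocked_ports(params, name):
    """Return the blocked ports for one rule parameter as a set of ints."""
    value = params.get(name, [])
    if not isinstance(value, list):
        # The rule requires an array; a bare 3306 or "3306" is a misconfiguration.
        raise ValueError(f"{name} must be an array, got {type(value).__name__}")
    return {int(p) for p in value}  # accept 3306 or "3306" inside the array

def evaluate(instance, params):
    """Return 'NonCompliant' if the instance uses a port blocked for its engine."""
    engine = instance["engine"].lower().replace(" ", "")
    name = PARAM_BY_ENGINE.get(engine)
    if name is None:
        return "Compliant"  # engine not covered by any rule parameter
    if int(instance["port"]) in blocked_ports(params, name):
        return "NonCompliant"
    return "Compliant"

# Constructed sample: block each engine's default port, as the scenario recommends.
RULE_PARAMS = {
    "blockedPortsForMysql": [3306],
    "blockedPortsForMariadb": [3306],
    "blockedPortsForPostgresql": [5432],
    "blockedPortsForSqlserver": [1433],
}
INSTANCES = [  # constructed inventory, not real resources
    {"name": "orders-db", "engine": "MySQL", "port": 3306},
    {"name": "report-db", "engine": "PostgreSQL", "port": 3306},
    {"name": "legacy-db", "engine": "SQL Server", "port": 1433},
    {"name": "cache-meta", "engine": "MariaDB", "port": 13306},
]

def report(instances=INSTANCES, params=RULE_PARAMS):
    """Map each instance name to its evaluation result."""
    return {i["name"]: evaluate(i, params) for i in instances}

if __name__ == "__main__":
    for name, result in report().items():
        print(f"{name}: {result}")
```

The PostgreSQL instance on 3306 evaluates as compliant because the blocked lists are per engine; add 3306 to blockedPortsForPostgresql if that port should be forbidden there as well.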