
AWS Relational Database Service Overview
"Learn about AWS Relational Database Service (RDS), a managed database service designed to simplify the setup, operation, and scaling of relational databases in the cloud. Discover key features such as cost-efficiency, resizable capacity, automation of administration tasks, support for multiple database engines, security options, and integration with other AWS services."
Presentation Transcript
RDS Relational Database Service HackTricks Training

Basic Information

Relational Database Service (RDS) is a managed database service that simplifies the process of setting up, operating, and scaling a relational database in the cloud. AWS RDS provides cost-efficient and resizable capacity, and it automates time-consuming administration tasks, such as hardware provisioning, database setup, patching, and backups.

AWS RDS supports several popular relational database engines: MySQL, PostgreSQL, MariaDB, Oracle Database, Microsoft SQL Server & Amazon Aurora compatible with MySQL or with PostgreSQL.

With RDS, you can easily manage database instances, create read replicas to increase read performance, and set up multi-Availability Zone (AZ) deployments for high availability and failover support.

Additionally, RDS integrates with other AWS services, such as AWS Identity and Access Management (IAM) for access control, AWS CloudWatch for monitoring and metrics, and AWS Key Management Service (KMS) for encryption at rest.

https://cloud.hacktricks.xyz/pentesting-cloud/aws-security/aws-services/aws-relational-database-rds-enum

RDS DB Credentials

When creating the DB cluster, the master username can be configured (admin by default). To generate the password of this user you can:

- Indicate a password yourself
- Tell RDS to auto-generate it
- Tell RDS to manage it in AWS Secrets Manager, encrypted with a KMS key

https://cloud.hacktricks.xyz/pentesting-cloud/aws-security/aws-services/aws-relational-database-rds-enum

RDS Authentication

There are 3 types of authentication options, but using the master password is always allowed:

https://cloud.hacktricks.xyz/pentesting-cloud/aws-security/aws-services/aws-relational-database-rds-enum

Public Access & VPC

By default, no public access is granted to the databases, although it can be granted. Therefore, by default only machines from the same VPC are able to access the database, and only if the selected security group (security groups are stored in EC2 SG) allows it.

Instead of exposing a DB instance, it's possible to create an RDS Proxy, which improves the scalability & availability of the DB cluster.

The database port can also be modified.

https://cloud.hacktricks.xyz/pentesting-cloud/aws-security/aws-services/aws-relational-database-rds-enum

Encryption

Encryption is enabled by default using an AWS managed key (a CMK could be chosen instead).

By enabling encryption, you are enabling encryption at rest for your storage, snapshots, read replicas and backups.

It's not possible to add this level of encryption after your database has been created; it has to be done during its creation. However, there is a workaround that allows you to encrypt an unencrypted database:

1. Create a snapshot of your unencrypted database.
2. Create an encrypted copy of that snapshot.
3. Use that encrypted snapshot to create a new database, which will then be encrypted.

https://cloud.hacktricks.xyz/pentesting-cloud/aws-security/aws-services/aws-relational-database-rds-enum

Manual Enumeration

    # Clusters info
    aws rds describe-db-clusters  # IAM enabled? public? port? SG?
    aws rds describe-db-cluster-endpoints  # Cluster URLs
    aws rds describe-db-cluster-backtracks --db-cluster-identifier <cluster-name>

    ## Cluster snapshots
    aws rds describe-db-cluster-snapshots

    # Get DB instances info
    aws rds describe-db-instances  # username? url? port? vpc? SG? public?
    aws rds describe-db-security-groups

    ## Find automated backups
    aws rds describe-db-instance-automated-backups

    ## Find snapshots
    aws rds describe-db-snapshots
    aws rds describe-db-snapshots --include-public --snapshot-type public

    ## Restore snapshot as new instance
    aws rds restore-db-instance-from-db-snapshot --db-instance-identifier <ID> --db-snapshot-identifier <ID> --availability-zone us-west-2a

    # Proxies
    aws rds describe-db-proxy-endpoints
    aws rds describe-db-proxy-target-groups
    aws rds describe-db-proxy-targets

    ## Reset credentials of MasterUsername
    aws rds modify-db-instance --db-instance-identifier <ID> --master-user-password <NewPassword> --apply-immediately

https://cloud.hacktricks.xyz/pentesting-cloud/aws-security/aws-services/aws-relational-database-rds-enum

Unauth Access

- Public port: a DB could be exposed to the internet.
- Public snapshot: a snapshot of an RDS database could be made public, so anyone with an AWS account can download it.

https://cloud.hacktricks.xyz/pentesting-cloud/aws-security/aws-unauthenticated-enum-access/aws-rds-unauthenticated-enum
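The settings covered in the slides above (public access, encryption at rest, IAM authentication, the default master username, public snapshots) can be reviewed offline from saved enumeration output. The following is an added example, not part of the original presentation; the instance names, endpoints and snapshot name are constructed sample data, and the JSON is shaped like the output of `aws rds describe-db-instances` and `aws rds describe-db-snapshot-attributes`.

```python
import json

# Constructed sample data (not real): shaped like the JSON returned by
# `aws rds describe-db-instances` and `aws rds describe-db-snapshot-attributes`.
INSTANCES = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-db", "MasterUsername": "admin",
   "PubliclyAccessible": true, "StorageEncrypted": false,
   "IAMDatabaseAuthenticationEnabled": false,
   "Endpoint": {"Address": "orders-db.example.invalid", "Port": 3306}},
  {"DBInstanceIdentifier": "billing-db", "MasterUsername": "billing_root",
   "PubliclyAccessible": false, "StorageEncrypted": true,
   "IAMDatabaseAuthenticationEnabled": true,
   "Endpoint": {"Address": "billing-db.example.invalid", "Port": 5432}}
]}
""")
SNAPSHOT_ATTRS = json.loads("""
{"DBSnapshotAttributesResult": {"DBSnapshotIdentifier": "orders-db-snap",
  "DBSnapshotAttributes": [
    {"AttributeName": "restore", "AttributeValues": ["all"]}]}}
""")

def audit_instances(described):
    """Map instance id -> list of risky settings named on the slides."""
    findings = {}
    for db in described.get("DBInstances", []):
        issues = []
        if db.get("PubliclyAccessible"):
            port = db.get("Endpoint", {}).get("Port")
            issues.append(f"publicly accessible on port {port}")
        if not db.get("StorageEncrypted"):
            issues.append("storage not encrypted at rest")
        if not db.get("IAMDatabaseAuthenticationEnabled"):
            issues.append("IAM authentication disabled")
        if db.get("MasterUsername") == "admin":
            issues.append("default master username")
        if issues:
            findings[db["DBInstanceIdentifier"]] = issues
    return findings

def snapshot_is_public(attrs):
    """A snapshot is public when its 'restore' attribute contains 'all'."""
    result = attrs.get("DBSnapshotAttributesResult", {})
    return any(a.get("AttributeName") == "restore"
               and "all" in a.get("AttributeValues", [])
               for a in result.get("DBSnapshotAttributes", []))

if __name__ == "__main__":
    for name, issues in audit_instances(INSTANCES).items():
        print(name, "->", "; ".join(issues))
    print("orders-db-snap public:", snapshot_is_public(SNAPSHOT_ATTRS))
```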

DEMO

Privilege Escalation

- rds:ModifyDBInstance: modify the password of the master user
- Abuse RDS IAM role to access S3

https://cloud.hacktricks.xyz/pentesting-cloud/aws-security/aws-privilege-escalation/aws-rds-privesc

Post Exploitation

- rds:CreateDBSnapshot, rds:RestoreDBInstanceFromDBSnapshot, rds:ModifyDBInstance: create a DB with the snapshot of another DB to access the data
- rds:ModifyDBSnapshotAttribute, rds:CreateDBSnapshot: create a DB snapshot and make it public

https://cloud.hacktricks.xyz/pentesting-cloud/aws-security/aws-post-exploitation/aws-rds-post-exploitation

Persistence

- Make database publicly accessible / create a new cluster instance that is publicly accessible
- Create a new admin user inside the DB / exfiltrate the credentials

https://cloud.hacktricks.xyz/pentesting-cloud/aws-security/aws-persistence/aws-rds-persistence
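The RDS actions named in the Privilege Escalation, Post Exploitation and Persistence slides are control-plane API calls, so they can be looked for in CloudTrail records. The following is an added detection example, not part of the original presentation; the log records, ARNs and resource names are constructed, and the lowerCamelCase `requestParameters` key names are an assumption about how CloudTrail records these calls.

```python
import json

# Constructed CloudTrail-style records (not real logs). Assumption: the
# requestParameters keys follow CloudTrail's lowerCamelCase convention.
EVENTS = [json.loads(line) for line in """
{"eventSource":"rds.amazonaws.com","eventName":"ModifyDBInstance","userIdentity":{"arn":"arn:aws:iam::111122223333:user/dev1"},"requestParameters":{"dBInstanceIdentifier":"orders-db","masterUserPassword":"****"}}
{"eventSource":"rds.amazonaws.com","eventName":"ModifyDBInstance","userIdentity":{"arn":"arn:aws:iam::111122223333:user/ops"},"requestParameters":{"dBInstanceIdentifier":"orders-db","allocatedStorage":200}}
{"eventSource":"rds.amazonaws.com","eventName":"CreateDBSnapshot","userIdentity":{"arn":"arn:aws:iam::111122223333:role/backup"},"requestParameters":{"dBSnapshotIdentifier":"orders-db-snap"}}
{"eventSource":"rds.amazonaws.com","eventName":"ModifyDBSnapshotAttribute","userIdentity":{"arn":"arn:aws:iam::111122223333:user/dev1"},"requestParameters":{"dBSnapshotIdentifier":"orders-db-snap","attributeName":"restore","valuesToAdd":["all"]}}
{"eventSource":"rds.amazonaws.com","eventName":"RestoreDBInstanceFromDBSnapshot","userIdentity":{"arn":"arn:aws:iam::111122223333:user/dev1"},"requestParameters":{"dBInstanceIdentifier":"orders-copy","publiclyAccessible":true}}
{"eventSource":"s3.amazonaws.com","eventName":"PutObject","userIdentity":{"arn":"arn:aws:iam::111122223333:user/ops"},"requestParameters":{"bucketName":"example-bucket"}}
""".strip().splitlines()]

# Calls that can create or change an instance's public-access flag.
EXPOSING_CALLS = ("ModifyDBInstance", "RestoreDBInstanceFromDBSnapshot",
                  "CreateDBInstance")

def classify(event):
    """Return a reason string when a record matches an action from the slides."""
    if event.get("eventSource") != "rds.amazonaws.com":
        return None
    name = event.get("eventName")
    params = event.get("requestParameters") or {}
    if name == "ModifyDBInstance" and "masterUserPassword" in params:
        return "master user password changed"
    if name in EXPOSING_CALLS and params.get("publiclyAccessible") is True:
        return "instance set publicly accessible"
    if (name == "ModifyDBSnapshotAttribute"
            and params.get("attributeName") == "restore"
            and "all" in (params.get("valuesToAdd") or [])):
        return "snapshot shared publicly"
    if name == "RestoreDBInstanceFromDBSnapshot":
        return "new instance restored from snapshot"
    return None

def triage(events):
    """Return (eventName, actor ARN, reason) for every record worth reviewing."""
    alerts = []
    for event in events:
        reason = classify(event)
        if reason:
            actor = event.get("userIdentity", {}).get("arn", "unknown")
            alerts.append((event["eventName"], actor, reason))
    return alerts

if __name__ == "__main__":
    for alert in triage(EVENTS):
        print(" | ".join(alert))
```

Routine calls such as the storage resize and the scheduled `CreateDBSnapshot` in the sample produce no alert, so the output is limited to the password change, the public snapshot share and the publicly accessible restore.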