Database Security

In the course of this workshop you created an Amazon Aurora PostgreSQL database in a public subnet so that you could access it from your developer machine and do the code modernization. You also opened port 5432 to your IP address for that access.

In a production environment, place the database in a private subnet by selecting SubnetType.PRIVATE when you create the database.

VpcSubnets = new SubnetSelection() { SubnetType = SubnetType.PRIVATE }, // DB in private subnet

You should also remove the inbound rule for your IP.

sg.AddIngressRule(Peer.Ipv4(""), Port.Tcp(5432)); // PostgreSQL

Do not make these changes now. Just keep in mind, when you create production infrastructure, to place the database in a private subnet.
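
For reference, here is how the two production changes above look together in one stack. This is an added example, not code from the workshop: the database sits in a private subnet, and the only inbound rule on port 5432 comes from an application security group instead of a developer IP. It assumes AWS CDK v1 for .NET (which matches SubnetType.PRIVATE above); the stack name, construct IDs, the appSg group, the engine version and the "dbadmin" user name are all hypothetical.

```csharp
// Added example, not workshop code. Assumes AWS CDK v1 for .NET.
// All construct IDs, names and the engine version are hypothetical.
using Amazon.CDK;
using Amazon.CDK.AWS.EC2;
using Amazon.CDK.AWS.RDS;

public class ProdDatabaseStack : Stack
{
    public ProdDatabaseStack(Construct scope, string id, IStackProps props = null)
        : base(scope, id, props)
    {
        // The default Vpc layout creates public and private subnets in each AZ.
        var vpc = new Vpc(this, "Vpc", new VpcProps { MaxAzs = 2 });

        // Security group of the application tier that needs the database.
        var appSg = new SecurityGroup(this, "AppSg", new SecurityGroupProps { Vpc = vpc });

        // Database security group: no rule for any developer IP address.
        var dbSg = new SecurityGroup(this, "DbSg", new SecurityGroupProps
        {
            Vpc = vpc,
            AllowAllOutbound = false // the database does not initiate connections
        });
        // The only ingress on 5432 is from members of appSg.
        dbSg.AddIngressRule(appSg, Port.Tcp(5432), "PostgreSQL from app tier only");

        new DatabaseCluster(this, "Database", new DatabaseClusterProps
        {
            Engine = DatabaseClusterEngine.AuroraPostgres(new AuroraPostgresClusterEngineProps
            {
                Version = AuroraPostgresEngineVersion.VER_11_9 // assumed version
            }),
            // Password is generated and stored in Secrets Manager.
            Credentials = Credentials.FromGeneratedSecret("dbadmin"),
            // Fully qualified: EC2 also defines a type named InstanceProps.
            InstanceProps = new Amazon.CDK.AWS.RDS.InstanceProps
            {
                Vpc = vpc,
                VpcSubnets = new SubnetSelection { SubnetType = SubnetType.PRIVATE }, // DB in private subnet
                SecurityGroups = new ISecurityGroup[] { dbSg }
            }
        });
    }
}
```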