The affected RDS database is Publicly Accessible to the world.

Details

DB Instances deployed within a VPC can be accessed from the Internet or from EC2 Instances outside the VPC via VPN or bastion hosts that you can launch in your public subnet, or using Amazon RDS’s Publicly Accessible option. To use public connectivity, simply create your DB Instances with the Publicly Accessible option set to yes. With Publicly Accessible active, your DB Instances within a VPC will be fully accessible outside your VPC. If you do not want your DB Instances accessible from the Internet or outside your VPC, disable the RDS Publicly Accessible option.
https://aws.amazon.com/rds/faqs/

Suggested Action

Consider whether the affected RDS database should be Publicly Accessible to the world. If not, modify the option which enables your RDS database to become Publicly Accessible and/or configure Security Groups. “Security groups control the access that traffic has in and out of a DB instance. Three types of security groups are used with Amazon RDS: DB security groups, VPC security groups, and EC2 security groups. In simple terms, a DB security group controls access to a DB instance that is not in a VPC, a VPC security group controls access to a DB instance (or other AWS instances) inside a VPC, and an EC2 security group controls access to an EC2 instance.
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.RDSSecurityGroups.html

Tags: rds