How to prevent database hacking

First of all, if it's the same scenario as the questioner...

The aws instance means ec2...It is understood that mysql and mongodb are individually installed and operated in the ec2 instance.

First of all, there are various types of hacking, so it is important to find the cause.

If it's due to sqline injection, it's a problem with the application, so it's irrelevant to aws.

sqlinjection is a flaw in the application, so...pass and

By default, databases should not be publicly exposed. It should not be accessible from the Internet.

The ec2 with mysql installed must be on private subnet, and if you need to connect to that instance, you must connect through the bastion server (ec2 instance) installed on the public subnet.

ec2 with httpd should only open the required ports (80, 443) in the security group. For #22 (including the bastion server), set xxx.xxx.xxx.xxx/32 in network acl so that only the questioner pc can access it.

awswaf service for web application security (web firewall) is provided in aws. You can also use the waf to defend the sqlin injection to some extent. You can register patterns to prevent them. But this is the next best.

Also, something like root access key may have been exposed. If you're managing the access key within ec2...Delete it and use it using ec2's iam role.

And...If you are storing mysql's id/password in the application's configuration file or source, you should also use the aws secret manager service to keep the id and password and use it when necessary (when the application accesses db).

The combination I personally recommend is that mysql uses rds (mysql of rds) and mongodb uses dynamoDB to reduce infrastructure tasks a lot.