Rule: EBS Snapshots Should Not Be Publicly Restorable
Ensure compliance by restricting public restorability of EBS snapshots.
| Rule | EBS snapshots should not be publicly restorable |
| Framework | CISA-cyber-essentials |
| Severity | ✔ Medium |
Rule: EBS Snapshots should not be publicly restorable for CISA Cyber Essentials
Rule Description:
This rule ensures that EBS (Elastic Block Store) snapshots in the AWS (Amazon Web Services) environment are not publicly restorable for compliance with CISA Cyber Essentials requirements. EBS snapshots contain all the data from an EBS volume, including the operating system, applications, and data. Making EBS snapshots publicly restorable can lead to unauthorized access and potential data breaches.
Troubleshooting Steps:
If the EBS snapshots are found to be publicly restorable, follow these troubleshooting steps to restrict public access:
- 1.
Identify the publicly restorable EBS snapshots:
- Navigate to the AWS Management Console.
- Go to the EC2 (Elastic Compute Cloud) Dashboard.
- Click on "Snapshots" under the "ELASTIC BLOCK STORE" section.
- Filter the list of snapshots to find the ones marked as publicly restorable.
- 2.
Verify the permissions of the snapshots:
- Select a publicly restorable snapshot.
- In the details pane, go to the "Permissions" tab.
- Check if the "Create volume permissions" for "Public" is set to "Everyone."
- 3.
Update the snapshot permissions:
- Select the publicly restorable snapshot.
- Click on the "Modify Permissions" button.
- In the "Create volume permissions" section, click on the "Define more permissions" link.
- Remove the "Public" permission by selecting it and clicking on the "Revoke" button.
- Click "Save" to apply the changes.
- 4.
Repeat steps 3-4 for all publicly restorable snapshots identified in step 1.
Necessary Code:
No code is required for this rule.
Remediation Steps:
Follow these steps to remediate the issue and ensure EBS snapshots are not publicly restorable:
- 1.
Access the AWS Management Console.
- 2.
Navigate to the EC2 Dashboard.
- 3.
Click on "Snapshots" under the "ELASTIC BLOCK STORE" section.
- 4.
Review the list of snapshots to identify any publicly restorable snapshots.
- 5.
Select each publicly restorable snapshot and modify its permissions.
- 6.
In the snapshot details pane, go to the "Permissions" tab.
- 7.
Click on the "Modify Permissions" button.
- 8.
In the "Create volume permissions" section, click on the "Define more permissions" link.
- 9.
Remove the "Public" permission by selecting it and clicking on the "Revoke" button.
- 10.
Click "Save" to apply the changes.
- 11.
Repeat steps 5-10 for all publicly restorable snapshots identified in step 4.
- 12.
After updating the permissions for all affected snapshots, verify that they are no longer publicly restorable.
Note:
It is important to regularly monitor and audit the permissions of EBS snapshots to ensure ongoing compliance with the policy. Additionally, it is recommended to periodically recheck the snapshot permissions to address any potential misconfigurations.