This rule ensures that EBS snapshots are not publicly restorable to maintain data security.
| Field | Value |
| --- | --- |
| Rule | EBS snapshots should not be publicly restorable |
| Framework | FedRAMP Moderate Revision 4 |
| Severity | Medium |
Rule Description:
This rule is implemented to ensure the security and compliance of EBS (Elastic Block Store) snapshots in the context of the FedRAMP (Federal Risk and Authorization Management Program) Moderate environment, specifically in accordance with Revision 4 guidelines. The rule mandates that EBS snapshots should not be publicly restorable.
Reason for the Rule:
Publicly restorable EBS snapshots pose a significant security risk as they may expose sensitive data to unauthorized access. By disallowing the public restoration of EBS snapshots, the rule helps protect against data leakage and unauthorized tampering or access to snapshot content.
Troubleshooting Steps (if applicable):
If an EBS snapshot is found to be publicly restorable, follow the troubleshooting steps below to address the issue:
Note: If the publicly restorable option is grayed out, make sure you have the necessary permissions to modify snapshot permissions. Contact your system administrator or AWS account owner to request appropriate access.
Necessary Code (if applicable):
No specific code is provided for this rule, as the configuration change can be made through the AWS Management Console.
Remediation Steps:
Follow the step-by-step guide below to remediate the issue of publicly restorable EBS snapshots:
By following these steps, the EBS snapshots will no longer be publicly restorable, reducing the security risk associated with unauthorized access to sensitive data.
Remember to implement appropriate access controls and permissions for EBS snapshots to ensure that only authorized users can restore or modify them as needed, following organizational policies and best practices.
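The same check and fix can be scripted. The following is an added example, not part of the original rule text: it classifies the `createVolumePermission` attribute of each snapshot the account owns, reports public sharing and sharing with accounts outside an allowlist, and revokes the public permission when `dry_run` is off. It assumes `ec2` is a `boto3.client("ec2")`; the function names, the allowlist parameter and the sample snapshot and account IDs are constructed for illustration.

```python
"""Added example: audit and fix publicly restorable EBS snapshots."""
PUBLIC_GROUP = "all"  # EC2 group name meaning "any AWS account"


def classify(attr, trusted_accounts=frozenset()):
    """Classify one DescribeSnapshotAttribute(createVolumePermission) response."""
    perms = attr.get("CreateVolumePermissions", [])
    shared = sorted(p["UserId"] for p in perms if "UserId" in p)
    return {
        "SnapshotId": attr["SnapshotId"],
        "public": any(p.get("Group") == PUBLIC_GROUP for p in perms),
        "untrusted_accounts": [a for a in shared if a not in trusted_accounts],
    }


def removal_request(snapshot_id):
    """Arguments for ModifySnapshotAttribute that revoke public restore."""
    return {"SnapshotId": snapshot_id, "Attribute": "createVolumePermission",
            "OperationType": "remove", "GroupNames": [PUBLIC_GROUP]}


def remediate(ec2, trusted_accounts=frozenset(), dry_run=True):
    """Walk snapshots owned by this account; return findings, fix if asked."""
    findings = []
    pages = ec2.get_paginator("describe_snapshots").paginate(OwnerIds=["self"])
    for page in pages:
        for snap in page["Snapshots"]:
            attr = ec2.describe_snapshot_attribute(
                SnapshotId=snap["SnapshotId"], Attribute="createVolumePermission")
            result = classify(attr, trusted_accounts)
            if result["public"] and not dry_run:
                ec2.modify_snapshot_attribute(**removal_request(result["SnapshotId"]))
            if result["public"] or result["untrusted_accounts"]:
                findings.append(result)
    return findings


# Constructed sample responses (not real snapshot or account IDs).
SAMPLE_PUBLIC = {"SnapshotId": "snap-0aaaaaaaaaaaaaaa1",
                 "CreateVolumePermissions": [{"Group": "all"},
                                             {"UserId": "111111111111"}]}
SAMPLE_PRIVATE = {"SnapshotId": "snap-0bbbbbbbbbbbbbbb2",
                  "CreateVolumePermissions": []}

if __name__ == "__main__":
    print(classify(SAMPLE_PUBLIC, trusted_accounts={"111111111111"}))
    print(removal_request(SAMPLE_PUBLIC["SnapshotId"]))
```

Run `remediate` with `dry_run=True` first to review the findings; the caller needs `ec2:DescribeSnapshots`, `ec2:DescribeSnapshotAttribute` and, for the fix, `ec2:ModifySnapshotAttribute`.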