Rule: EBS Snapshots Should Not Be Publicly Restorable

Ensure that EBS snapshots are not publicly restorable for security compliance.

Rule	EBS snapshots should not be publicly restorable
Framework	FedRAMP Moderate Revision 4
Severity	✔ Medium

Rule Description

The rule states that for environments hosted on AWS, EBS (Elastic Block Store) snapshots should not be publicly restorable for FedRAMP (Federal Risk and Authorization Management Program) Moderate Revision 4 compliance. This ensures that EBS snapshots containing sensitive data are not accessible to unauthorized individuals or entities.

Remediation Steps

To remediate this rule violation, follow the steps below:

Step 1: Identify Publicly Restorable EBS Snapshots

1.
Log in to the AWS Management Console.

2.
Navigate to the EC2 Dashboard.

3.
In the left-hand navigation pane, click on "Snapshots."

4.
Look for any EBS snapshots that have the "Public" attribute enabled.

Step 2: Disable Public Restorable Attribute

1.
Select the publicly restorable EBS snapshot(s) that you identified in the previous step.

2.
Click on the "Actions" dropdown menu above the list of snapshots.

3.
Select "Modify Restores Permissions."

4.
In the "Modify Restores Permissions" dialog box, uncheck the "Public" checkbox.

5.
Click on the "Save" button to disable the public restorable attribute for the selected snapshots.

Step 3: Verify Changes

1.
After saving the changes, verify that the public restorable attribute is disabled for the selected EBS snapshots.

2.
Repeat Step 1 of the remediation process to confirm that there are no remaining publicly restorable snapshots.

Troubleshooting

If you encounter any issues during the remediation process, consider the following troubleshooting steps:

1.
Issue: Unable to locate the "Snapshots" option in the EC2 Dashboard.
- Solution: Ensure that you have the necessary permissions to access the EC2 service. If not, contact your AWS account administrator or IT team to grant the required privileges.

2.
Issue: Unable to change the restorable attribute for a snapshot.
- Solution: Verify that you have the correct IAM permissions to modify snapshot permissions. If necessary, contact your AWS account administrator or IT team to adjust your permissions accordingly.

3.
Issue: Changes are not being saved or applied.
- Solution: Check your internet connectivity and try again. If the issue persists, contact AWS support for technical assistance.

Additional Information

To prevent future violations of this rule, develop and implement a clear policy regarding the management and access controls for EBS snapshots. Regularly review and audit the permissions associated with sensitive snapshots to ensure compliance with security best practices.
Consider automating the process of checking and disabling the public restorable attribute for EBS snapshots by utilizing AWS CLI (Command Line Interface) or AWS SDKs (Software Development Kits). This will help streamline the enforcement of this rule across multiple AWS accounts or regions.

Rule: EBS Snapshots Should Not Be Publicly Restorable

.css-rso7cu{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#01130E;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Step 1: Identify Publicly Restorable EBS Snapshots

.css-rso7cu{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#01130E;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Step 2: Disable Public Restorable Attribute

.css-rso7cu{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#01130E;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Step 3: Verify Changes

Is your System Free of Underlying Vulnerabilities? Find Out Now

Step 1: Identify Publicly Restorable EBS Snapshots

Step 2: Disable Public Restorable Attribute

Step 3: Verify Changes

Is your System Free of Underlying Vulnerabilities?
Find Out Now