Rule: EBS Snapshots Should Not Be Publicly Restorable
Ensure that EBS snapshots are not publicly restorable for security compliance.
| Rule | EBS snapshots should not be publicly restorable |
| Framework | FedRAMP Moderate Revision 4 |
| Severity | ✔ Medium |
Rule Description
The rule states that for environments hosted on AWS, EBS (Elastic Block Store) snapshots should not be publicly restorable for FedRAMP (Federal Risk and Authorization Management Program) Moderate Revision 4 compliance. This ensures that EBS snapshots containing sensitive data are not accessible to unauthorized individuals or entities.
Remediation Steps
To remediate this rule violation, follow the steps below:
Step 1: Identify Publicly Restorable EBS Snapshots
- 1.Log in to the AWS Management Console.
- 2.Navigate to the EC2 Dashboard.
- 3.In the left-hand navigation pane, click on "Snapshots."
- 4.Look for any EBS snapshots that have the "Public" attribute enabled.
Step 2: Disable Public Restorable Attribute
- 1.Select the publicly restorable EBS snapshot(s) that you identified in the previous step.
- 2.Click on the "Actions" dropdown menu above the list of snapshots.
- 3.Select "Modify Restores Permissions."
- 4.In the "Modify Restores Permissions" dialog box, uncheck the "Public" checkbox.
- 5.Click on the "Save" button to disable the public restorable attribute for the selected snapshots.
Step 3: Verify Changes
- 1.After saving the changes, verify that the public restorable attribute is disabled for the selected EBS snapshots.
- 2.Repeat Step 1 of the remediation process to confirm that there are no remaining publicly restorable snapshots.
Troubleshooting
If you encounter any issues during the remediation process, consider the following troubleshooting steps:
- 1.
Issue: Unable to locate the "Snapshots" option in the EC2 Dashboard.
- Solution: Ensure that you have the necessary permissions to access the EC2 service. If not, contact your AWS account administrator or IT team to grant the required privileges.
- 2.
Issue: Unable to change the restorable attribute for a snapshot.
- Solution: Verify that you have the correct IAM permissions to modify snapshot permissions. If necessary, contact your AWS account administrator or IT team to adjust your permissions accordingly.
- 3.
Issue: Changes are not being saved or applied.
- Solution: Check your internet connectivity and try again. If the issue persists, contact AWS support for technical assistance.
Additional Information
To prevent future violations of this rule, develop and implement a clear policy regarding the management and access controls for EBS snapshots. Regularly review and audit the permissions associated with sensitive snapshots to ensure compliance with security best practices.
Consider automating the process of checking and disabling the public restorable attribute for EBS snapshots by utilizing AWS CLI (Command Line Interface) or AWS SDKs (Software Development Kits). This will help streamline the enforcement of this rule across multiple AWS accounts or regions.