Rule: EBS Snapshots Should Not Be Publicly Restorable

This rule ensures that EBS snapshots are not publicly restorable to maintain data security.

Rule: EBS snapshots should not be publicly restorable
Framework: Federal Financial Institutions Examination Council (FFIEC)
Severity: Medium

Rule Description:

The rule states that, under the Federal Financial Institutions Examination Council (FFIEC) framework, EBS snapshots should not be publicly restorable. This means that the snapshots should not be accessible or restorable by anyone other than authorized users or resources within the organization.

Troubleshooting Steps:

  1. Verify EBS Snapshot Settings: Check the current settings of the EBS snapshots to ensure that they are not publicly restorable.
  2. Review Snapshot Permissions: Review the permissions assigned to the EBS snapshots and verify that they are only accessible by authorized users and resources.
  3. Check Snapshot Sharing: Confirm that the EBS snapshots are not shared with any external accounts or entities.
  4. Audit Snapshot Access: Conduct an audit of the EBS snapshot access logs to identify any unauthorized attempts or access.

Necessary Codes:

There are no specific codes required for this rule. However, you may need to use command-line interface (CLI) commands to check and modify EBS snapshot settings if required.

Remediation Steps:

Follow the step-by-step guide below to remediate the rule violation:

  1. Log in to the AWS Management Console.
  2. Open the Amazon EC2 service dashboard.
  3. Navigate to the "Snapshots" section.

Checking Snapshot Settings:

  1. Identify the EBS snapshots associated with FFIEC instances.
  2. Select the relevant snapshot.
  3. Verify the snapshot permissions and make sure it is not publicly restorable.
  4. If the snapshot is publicly restorable, proceed to modify the settings.

Modifying Snapshot Settings:

  1. Select the snapshot that needs modification.
  2. Click on the "Modify Permissions" or "Edit" option.
  3. Remove any public access permissions or ensure that they are limited to authorized users or resources within the organization.
  4. Save the changes and verify that the snapshot is no longer publicly restorable.

Reviewing Snapshot Sharing:

  1. Navigate to the "Sharing" tab of the snapshot details page.
  2. Ensure that the snapshot is not shared with any external accounts or entities.
  3. Remove any unwanted or unauthorized sharing if identified.
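
The permission check, modification, and sharing review above can also be scripted against AWS CLI output. The following is an added example, not part of the original page: it classifies the JSON returned by `aws ec2 describe-snapshot-attribute --attribute createVolumePermission` and builds the matching `modify-snapshot-attribute` commands. The snapshot IDs, account IDs, `TRUSTED_ACCOUNTS`, and the function names are constructed for illustration.

```python
import json

# Constructed sample: JSON in the shape returned by
#   aws ec2 describe-snapshot-attribute --snapshot-id <id> --attribute createVolumePermission
# Snapshot IDs and account IDs are made up for illustration.
SAMPLE_RESPONSES = json.loads("""
[
  {"SnapshotId": "snap-0aaaaaaaaaaaaaaa1",
   "CreateVolumePermissions": [{"Group": "all"}]},
  {"SnapshotId": "snap-0bbbbbbbbbbbbbbb2",
   "CreateVolumePermissions": [{"UserId": "111111111111"}, {"UserId": "999999999999"}]},
  {"SnapshotId": "snap-0ccccccccccccccc3",
   "CreateVolumePermissions": []}
]
""")

# Assumption: the set of AWS account IDs that belong to your organization.
TRUSTED_ACCOUNTS = {"111111111111"}


def assess(response, trusted=TRUSTED_ACCOUNTS):
    """Return (is_public, external_account_ids) for one response."""
    perms = response.get("CreateVolumePermissions", [])
    # {"Group": "all"} means any AWS account can create a volume from the snapshot.
    is_public = any(p.get("Group") == "all" for p in perms)
    external = sorted(p["UserId"] for p in perms
                      if "UserId" in p and p["UserId"] not in trusted)
    return is_public, external


def remediation_commands(response, trusted=TRUSTED_ACCOUNTS):
    """Build the AWS CLI calls that remove public and untrusted-account access."""
    is_public, external = assess(response, trusted)
    base = ("aws ec2 modify-snapshot-attribute --snapshot-id {} "
            "--attribute createVolumePermission --operation-type remove"
            ).format(response["SnapshotId"])
    cmds = []
    if is_public:
        cmds.append(base + " --group-names all")
    if external:
        cmds.append(base + " --user-ids " + " ".join(external))
    return cmds


if __name__ == "__main__":
    for resp in SAMPLE_RESPONSES:
        for cmd in remediation_commands(resp):
            print(cmd)
```

Review the generated commands before running them, since removing a share breaks any legitimate cross-account restore that depends on it.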

Auditing Snapshot Access:

  1. Access the AWS CloudTrail service in the AWS Management Console.
  2. Select the appropriate trail corresponding to the FFIEC instances.
  3. Review the logs and search for any unauthorized attempts or access to the EBS snapshots.
  4. Take necessary actions based on the findings to mitigate any security risks.

By following these steps and ensuring that EBS snapshots associated with FFIEC instances are not publicly restorable, you can maintain compliance with the specified rule or policy.

Note: It is crucial to regularly monitor and audit the EBS snapshots to identify any deviations from the desired settings and take immediate action to rectify them.
