
Rule: EBS Snapshots Should Not Be Publicly Restorable

This rule ensures that EBS snapshots are not publicly restorable to maintain data security.

Rule: EBS snapshots should not be publicly restorable
Framework: NIST 800-171 Revision 2
Severity: Medium

Rule Description

Every EBS snapshot carries a createVolumePermission attribute. Granting that permission to the group "all" makes the snapshot public: any AWS account can create a volume from it and read everything the source volume held, including credentials, keys and application data. This rule checks that no snapshot owned by the account carries that grant, in line with the access-control requirements of NIST 800-171 Revision 2: only the owning account and explicitly authorized accounts or roles should be able to restore a snapshot.

Remediation Steps

To remediate this rule, you need to ensure that EBS snapshots are not publicly restorable. Here is a step-by-step guide to accomplishing this:

  1. Identify publicly restorable EBS snapshots: Use the AWS CLI or the AWS Management Console to list the snapshots your account owns that any AWS account can restore. The describe-snapshots output has no "Public" field, so the check is to ask for snapshots restorable by the special user ID "all" and limit the owner to your own account (otherwise snapshots other accounts shared with you would be reported as well). In the console, a snapshot's Permissions tab shows whether it is public. Encryption state is irrelevant to this query, because encrypted snapshots cannot be made public in the first place.

    CLI Command:

    aws ec2 describe-snapshots --owner-ids self --restorable-by-user-ids all --query 'Snapshots[].SnapshotId' --region <region>
    
  2. Modify snapshot permissions: For each snapshot identified in the previous step, remove the "all" group from its createVolumePermission attribute (the CLI option is --group-names, and --operation-type remove is what revokes the grant; the same command with --operation-type add is what makes a snapshot public in the first place). This removes only the public grant; shares to specific account IDs stay in place and should be reviewed separately, since a snapshot shared with an account you do not recognise is just as much of a leak. Re-run the query from step 1 afterwards to confirm the list is empty.

    CLI Command:

    aws ec2 modify-snapshot-attribute --snapshot-id <snapshot-id> --attribute createVolumePermission --operation-type remove --group-names all --region <region>
    
  3. Enable encryption: A snapshot cannot be encrypted in place; create an encrypted copy with an AWS Key Management Service (KMS) key (the source region is a required argument), re-point any volumes or AMIs at the copy, then delete the unencrypted original, which keeps its own permissions until it is deleted. Encryption complements step 2 rather than replacing it: a snapshot encrypted with the AWS managed key cannot be shared at all, and one encrypted with a customer managed key can be shared only with specific accounts, never publicly, so an encrypted estate cannot regress to public. Consider also turning on EBS encryption by default for the region so that new volumes and snapshots are encrypted without further action.

    CLI Command:

    aws ec2 copy-snapshot --source-region <region> --source-snapshot-id <snapshot-id> --encrypted --kms-key-id <kms-key-id> --region <region>
    
  4. Regularly monitor permissions: A snapshot can be made public again with a single API call, so the check in step 1 must be repeated. Enable the AWS Config managed rule ebs-snapshot-public-restorable-check or run the step 1 query on a schedule, and alert on CloudTrail ModifySnapshotAttribute events that add the "all" group to createVolumePermission, so that an accidental or malicious change is caught within minutes rather than at the next audit.

  5. Implement IAM policies: Grant ec2:ModifySnapshotAttribute only to the roles that administer snapshots and deny it to everyone else (an organization-wide service control policy can deny it to every principal except a break-glass role). Restrict ec2:CreateVolume and snapshot-sharing permissions to the accounts and roles that need them. Note that making a snapshot public is a change to the snapshot's own attribute: IAM policies in your account control who can grant it, but once it is granted, consumers in other accounts need no permission from you at all.

  6. Train and educate users: Train and educate your organization's users on the importance of not making EBS snapshots publicly restorable and the potential risks associated with unauthorized access. Promote a security-first mindset and encourage best practices to prevent accidental misconfigurations.

By following these steps, you can ensure that EBS snapshots are not publicly restorable and stay compliant with the NIST 800-171 Revision 2 guidelines.
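The procedure above, automated end to end as an added example (this is not Cloud Defense's code or an AWS sample): it lists the snapshots the account owns that carry the public "all" group, removes that group from each one and re-verifies by re-reading the attribute, and picks out CloudTrail records that grant it again. It takes a boto3-style EC2 client and uses only the documented describe_snapshots, describe_snapshot_attribute and modify_snapshot_attribute calls; to run offline it includes FakeEC2, a constructed in-memory stand-in, made-up snapshot IDs and account numbers, and constructed CloudTrail records whose field layout is assumed from ModifySnapshotAttribute events. Against a real account, pass boto3.client("ec2") instead of FakeEC2, from a role allowed to call ec2:DescribeSnapshots, ec2:DescribeSnapshotAttribute and ec2:ModifySnapshotAttribute.

```python
"""Audit, remediate and monitor publicly restorable EBS snapshots (added example).
Works with any boto3-style EC2 client; FakeEC2 below is a constructed stand-in so it runs offline."""

PUBLIC = {"Group": "all"}  # the EC2 "all" group means every AWS account


def find_public_snapshots(ec2):
    """IDs of snapshots this account owns that any AWS account may restore.
    describe_snapshots has no 'Public' field; the documented filter is RestorableByUserIds=['all'],
    with OwnerIds=['self'] so snapshots other accounts shared with us are not reported as ours."""
    ids, kwargs = [], {"OwnerIds": ["self"], "RestorableByUserIds": ["all"]}
    while True:
        resp = ec2.describe_snapshots(**kwargs)
        ids.extend(s["SnapshotId"] for s in resp["Snapshots"])
        if not resp.get("NextToken"):
            return ids
        kwargs["NextToken"] = resp["NextToken"]


def is_public(ec2, snapshot_id):
    """Per-snapshot check: is the 'all' group in its createVolumePermission list?"""
    resp = ec2.describe_snapshot_attribute(SnapshotId=snapshot_id, Attribute="createVolumePermission")
    return PUBLIC in resp["CreateVolumePermissions"]


def make_private(ec2, snapshot_id):
    """Remove only the 'all' group (explicit cross-account UserId shares stay)
    and verify by re-reading the attribute instead of trusting the call."""
    ec2.modify_snapshot_attribute(SnapshotId=snapshot_id, Attribute="createVolumePermission",
                                  OperationType="remove", GroupNames=["all"])
    return not is_public(ec2, snapshot_id)


def remediate(ec2):
    """Steps 1-2 of the page: list public snapshots, make each private, return the verified ones."""
    return [sid for sid in find_public_snapshots(ec2) if make_private(ec2, sid)]


def public_share_events(records):
    """Step 4: (snapshotId, caller ARN) for each CloudTrail record that adds the 'all' group.
    Field names are assumed from ModifySnapshotAttribute records; other shapes are skipped."""
    hits = []
    for r in records:
        if r.get("eventSource") != "ec2.amazonaws.com" or r.get("eventName") != "ModifySnapshotAttribute":
            continue
        params = r.get("requestParameters") or {}
        added = ((params.get("createVolumePermission") or {}).get("add") or {}).get("items") or []
        if any(item.get("group") == "all" for item in added):
            hits.append((params.get("snapshotId"), (r.get("userIdentity") or {}).get("arn")))
    return hits


class FakeEC2:
    """Constructed in-memory stand-in for boto3.client('ec2'); not the real SDK."""
    def __init__(self, perms):
        self.perms = {k: list(v) for k, v in perms.items()}  # snapshot id -> CreateVolumePermissions

    def describe_snapshots(self, OwnerIds, RestorableByUserIds, NextToken=None):
        return {"Snapshots": [{"SnapshotId": s} for s, p in self.perms.items() if PUBLIC in p]}

    def describe_snapshot_attribute(self, SnapshotId, Attribute):
        return {"SnapshotId": SnapshotId, "CreateVolumePermissions": list(self.perms[SnapshotId])}

    def modify_snapshot_attribute(self, SnapshotId, Attribute, OperationType, GroupNames=(), UserIds=()):
        entries = [{"Group": g} for g in GroupNames] + [{"UserId": u} for u in UserIds]
        current = self.perms[SnapshotId]
        if OperationType == "remove":
            self.perms[SnapshotId] = [p for p in current if p not in entries]
        else:
            current.extend(e for e in entries if e not in current)
        return {}


# Constructed sample state (made-up IDs): public; shared with one account; both.
SAMPLE_PERMS = {
    "snap-0aaa1111": [{"Group": "all"}],
    "snap-0bbb2222": [{"UserId": "111122223333"}],
    "snap-0ccc3333": [{"Group": "all"}, {"UserId": "111122223333"}],
}

# Constructed CloudTrail records; only the first one makes a snapshot public.
SAMPLE_EVENTS = [
    {"eventSource": "ec2.amazonaws.com", "eventName": "ModifySnapshotAttribute",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"snapshotId": "snap-0aaa1111", "attributeType": "CREATE_VOLUME_PERMISSION",
                           "createVolumePermission": {"add": {"items": [{"group": "all"}]}}}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "ModifySnapshotAttribute",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"snapshotId": "snap-0bbb2222", "attributeType": "CREATE_VOLUME_PERMISSION",
                           "createVolumePermission": {"add": {"items": [{"userId": "444455556666"}]}}}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeSnapshots"},
]


def demo():
    """Whole flow against the constructed state: (public before, fixed, public after, alerts)."""
    ec2 = FakeEC2(SAMPLE_PERMS)
    before = find_public_snapshots(ec2)
    fixed = remediate(ec2)
    return before, fixed, find_public_snapshots(ec2), public_share_events(SAMPLE_EVENTS)


if __name__ == "__main__":
    print(demo())
```

Two design points worth keeping when adapting this: make_private revokes only the "all" group and leaves account-specific shares alone, so a deliberate cross-account share is not silently broken, and it returns the result of re-reading the attribute rather than assuming the modify call took effect. The CloudTrail filter ignores records that remove permissions or add individual user IDs, so it fires only on the change this rule is about.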
