
Rule: RDS Snapshots Should Prohibit Public Access

This rule ensures that RDS snapshots do not allow public access, with critical severity and full compliance.

Rule: RDS snapshots should prohibit public access
Framework: NIST 800-171 Revision 2
Severity: Critical

Rule Description:

RDS snapshots should prohibit public access to comply with NIST 800-171 Revision 2. Public access to RDS snapshots can pose a security risk as it enables unauthorized parties to potentially view or access sensitive data stored within the snapshots. By prohibiting public access, organizations can ensure the confidentiality and integrity of their data in compliance with NIST 800-171 Revision 2.

Troubleshooting Steps:

If public access to RDS snapshots is not prohibited, follow these troubleshooting steps to remediate the issue:

  1. Verify the current configuration: Check if the RDS snapshots have public access enabled. You can do this through the AWS Management Console, AWS CLI, or AWS SDK.

  2. Update security group settings: If public access is enabled, update the associated security groups to restrict access to authorized entities or IP ranges only. Deny access from 0.0.0.0/0 or any unauthorized IP addresses.

  3. Apply new IAM policies: Ensure that the appropriate Identity and Access Management (IAM) policies are in place to restrict access to RDS snapshots. Modify the existing policies or create new ones to reflect the required restrictions.

  4. Test accessibility: After making the necessary changes, verify that public access to RDS snapshots is no longer possible by attempting to access the snapshots from a non-authorized network or using a public IP address.

  5. Monitor and review: Regularly monitor and review the RDS snapshots and their associated access settings to ensure continued compliance with the configured restrictions and NIST 800-171 Revision 2.

Necessary codes:

To update the security groups, you can use the following AWS CLI command:

aws ec2 authorize-security-group-ingress --group-id <security-group-id> --protocol <protocol> --port <port> --cidr <authorized-cidr-block>

Replace <security-group-id> with the actual ID of the security group associated with the RDS snapshots. Specify the appropriate <protocol> (e.g., tcp or udp) and <port> that need to be restricted. Finally, provide the <authorized-cidr-block> to set the allowed IP range. Note that this command adds an allow rule; the unrestricted 0.0.0.0/0 rule referred to in the remediation guide below must still be removed separately.

Step-by-Step Remediation Guide:

Follow these steps to remediate the issue of public access to RDS snapshots:

  1. Log in to the AWS Management Console.

  2. Open the Amazon RDS service.

  3. Select the appropriate RDS instance from the list.

  4. In the left navigation panel, click on "Snapshots".

  5. Identify the snapshots that have public access enabled. Look for any snapshots with a publicly accessible flag.

  6. Update the associated security groups by performing the following steps:

    • Navigate to the Amazon EC2 service.
    • Select "Security Groups" from the left navigation panel.
    • Find and select the security group associated with the RDS snapshots.
    • Click on the "Inbound Rules" tab.
    • Remove any rules that allow unrestricted access (0.0.0.0/0) to the RDS snapshots.
    • Add new rules to allow access only from authorized entities or specific IP ranges.

  7. Modify or create the IAM policies to restrict access to RDS snapshots if necessary.

  8. Verify that public access to RDS snapshots has been successfully prohibited by attempting access from unauthorized networks or public IP addresses.

  9. Monitor and review the RDS snapshots periodically to ensure compliance with the configured restrictions and NIST 800-171 Revision 2.

By following these steps, you would have successfully prohibited public access to RDS snapshots, thereby meeting the requirements of NIST 800-171 Revision 2.
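The "verify" and "identify" steps in both procedures above can be automated. The following Python script is an added example, not code from Cloud Defense or AWS: in RDS, a manual snapshot is public when its "restore" attribute includes the value "all" (the publicly accessible flag the console shows), so the script flags any such snapshot from describe_db_snapshot_attributes output and builds the modify_db_snapshot_attribute arguments that revoke public sharing. The boto3 calls are real RDS APIs; the sample responses and snapshot names are constructed.

```python
"""Flag manual RDS snapshots that are publicly restorable and build the revoke call.
A manual snapshot is public when its 'restore' attribute includes the value 'all'."""
from typing import Dict, List

PUBLIC_MARKER = "all"

def is_public(attr_response: Dict) -> bool:
    """True if a describe_db_snapshot_attributes response marks the snapshot public."""
    result = attr_response["DBSnapshotAttributesResult"]
    for attr in result.get("DBSnapshotAttributes", []):
        if attr.get("AttributeName") == "restore" and PUBLIC_MARKER in attr.get("AttributeValues", []):
            return True
    return False

def find_public_snapshots(attr_responses: List[Dict]) -> List[str]:
    """Identifiers of every snapshot in the responses that is publicly restorable."""
    return [r["DBSnapshotAttributesResult"]["DBSnapshotIdentifier"]
            for r in attr_responses if is_public(r)]

def remediation_params(snapshot_id: str) -> Dict:
    """Arguments for rds.modify_db_snapshot_attribute() that remove public sharing only,
    leaving any sharing with specific accounts intact."""
    return {"DBSnapshotIdentifier": snapshot_id, "AttributeName": "restore",
            "ValuesToRemove": [PUBLIC_MARKER]}

def audit_region(region: str) -> List[str]:
    """Live read-only check of one region (needs boto3 and credentials); not used by the sample."""
    import boto3  # imported here so the detection logic above stays testable offline
    rds = boto3.client("rds", region_name=region)
    responses = []
    for page in rds.get_paginator("describe_db_snapshots").paginate(SnapshotType="manual"):
        for snap in page["DBSnapshots"]:
            responses.append(rds.describe_db_snapshot_attributes(
                DBSnapshotIdentifier=snap["DBSnapshotIdentifier"]))
    return find_public_snapshots(responses)

# Constructed sample responses in the shape describe_db_snapshot_attributes returns
# (not real account data): one public, one shared with a single account, one private.
SAMPLE_RESPONSES = [
    {"DBSnapshotAttributesResult": {"DBSnapshotIdentifier": "orders-db-2024-01-01",
     "DBSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": ["all"]}]}},
    {"DBSnapshotAttributesResult": {"DBSnapshotIdentifier": "orders-db-shared",
     "DBSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": ["123456789012"]}]}},
    {"DBSnapshotAttributesResult": {"DBSnapshotIdentifier": "orders-db-private",
     "DBSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": []}]}},
]

if __name__ == "__main__":
    for sid in find_public_snapshots(SAMPLE_RESPONSES):
        print(f"PUBLIC snapshot {sid}; revoke with {remediation_params(sid)}")
```

To remediate a flagged snapshot, pass remediation_params(sid) to rds.modify_db_snapshot_attribute(); only the "all" value is removed, so sharing with named accounts is preserved.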
