Rule: EBS Snapshots Should Not Be Publicly Restorable

This rule ensures that EBS snapshots are not set to be publicly restorable for security reasons.

Rule: EBS snapshots should not be publicly restorable
Framework: NIST 800-171 Revision 2
Severity: Medium

Rule Description

The rule states that EBS (Elastic Block Store) snapshots should not be publicly restorable for compliance with NIST 800-171 Revision 2.

Amazon Elastic Block Store (EBS) provides block-level storage volumes for Amazon Web Services (AWS) compute services such as EC2 (Elastic Compute Cloud). EBS snapshots are point-in-time copies of these volumes, used for data backup, disaster recovery, and migration to new instances.

To comply with NIST 800-171 Revision 2, EBS snapshots must not be publicly restorable: only authorized users or accounts should have permission to restore them.

Troubleshooting Steps

If EBS snapshots are publicly restorable, it can potentially lead to unauthorized access to sensitive data. Here are some troubleshooting steps to ensure compliance:

  1. Identify publicly restorable EBS snapshots:
    • Access the AWS Management Console.
    • Navigate to the EC2 Dashboard.

  2. Find the EBS snapshots:
    • In the left-hand menu, click on "EBS Snapshots."
    • Look for any snapshots with a "Public" status.

  3. Remove public restore permissions:
    • Select the publicly restorable snapshot(s).
    • Click on the "Actions" button and choose "Modify Permissions."

  4. Modify snapshot permissions:
    • In the "Modify Permissions" window, uncheck the "Public" option.
    • Ensure that only authorized AWS accounts or users are listed as "Specific accounts or groups" with restore permissions.

  5. Confirm changes:
    • Click on the "Save" button to apply the modified permissions.
    • Verify that the snapshot no longer has a "Public" status.

Necessary Code

There is no specific code required for this rule as it involves modifying permissions through the AWS Management Console. However, the AWS CLI (Command Line Interface) can be used for scripting or automation purposes.

Remediation Guide

Follow these step-by-step instructions in the AWS Management Console to remediate EBS snapshots that are publicly restorable:

  1. Open the AWS Management Console and sign in to your AWS account.

  2. Navigate to the EC2 Dashboard by clicking on "Services" in the top menu and selecting "EC2" from the dropdown.

  3. On the EC2 Dashboard, locate and click on "EBS Snapshots" in the left-hand menu.

  4. Review the list of EBS snapshots to identify any with a "Public" status. These are the snapshots that need to be addressed to meet compliance with NIST 800-171 Revision 2.

  5. Select the publicly restorable snapshot(s) by checking the corresponding checkbox(es).

  6. Click on the "Actions" button above the snapshot list and choose "Modify Permissions" from the dropdown menu.

  7. In the "Modify Permissions" window that appears, you will see a checkbox labeled "Public." Ensure that the checkbox is unchecked.

  8. Verify that the restore permissions are correctly configured by ensuring that only authorized AWS accounts or users are listed under the "Specific accounts or groups" section.

  9. Click the "Save" button to apply the modified permissions to the selected snapshot.

  10. Verify that the snapshot no longer has a "Public" status by checking the snapshot list again.

  11. Repeat the above steps for any other publicly restorable EBS snapshots until all are remediated.

By following these steps, the EBS snapshots in your AWS account will no longer be publicly restorable, thereby meeting the compliance requirements of NIST 800-171 Revision 2.
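
The console steps above, and the note under "Necessary Code" that the AWS CLI can be used for automation, can be combined into one script. This is an added example, not code from the original page or from AWS; the function names and the AWS_CMD and DRY_RUN variables are assumptions of this sketch. It assumes configured CLI credentials allowed to call ec2:DescribeSnapshots, ec2:DescribeSnapshotAttribute and ec2:ModifySnapshotAttribute.

```shell
#!/bin/sh
# Added example: audit and remediate publicly restorable EBS snapshots.
# AWS_CMD and DRY_RUN are assumptions of this sketch, not AWS CLI settings.
AWS_CMD="${AWS_CMD:-aws}"

# Print IDs of snapshots owned by this account that any AWS account can restore.
list_public_snapshots() {
    $AWS_CMD ec2 describe-snapshots --region "$1" \
        --owner-ids self --restorable-by-user-ids all \
        --query 'Snapshots[].SnapshotId' --output text |
        tr '\t' '\n' | sed -n '/^snap-/p'
}

# Succeed (0) only if the snapshot grants createVolumePermission to group "all".
# Returns 2 when the attribute could not be read at all.
is_public() {
    grant=$($AWS_CMD ec2 describe-snapshot-attribute --region "$1" \
        --snapshot-id "$2" --attribute createVolumePermission \
        --query "CreateVolumePermissions[?Group=='all'].Group" \
        --output text) || return 2
    [ "$grant" = "all" ]
}

# Remove the public grant from one snapshot, then re-check the attribute.
# A failed re-check is reported as UNVERIFIED, never as PRIVATE.
make_private() {
    $AWS_CMD ec2 modify-snapshot-attribute --region "$1" --snapshot-id "$2" \
        --attribute createVolumePermission --operation-type remove \
        --group-names all || return 1
    is_public "$1" "$2" && rc=0 || rc=$?
    case "$rc" in
        0) echo "STILL_PUBLIC $2"; return 1 ;;
        1) echo "PRIVATE $2" ;;
        *) echo "UNVERIFIED $2"; return 1 ;;
    esac
}

# Audit one region. DRY_RUN=1 (default) only reports; DRY_RUN=0 remediates.
remediate_region() {
    failed=0
    for snap in $(list_public_snapshots "$1"); do
        if [ "${DRY_RUN:-1}" = "1" ]; then
            echo "PUBLIC $snap"
        else
            make_private "$1" "$snap" || failed=1
        fi
    done
    return "$failed"
}
```

Snapshots are regional, so source the file and call `remediate_region <region>` once per region in use, reviewing the `PUBLIC` lines from a dry run before setting `DRY_RUN=0`.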
