
Rule: RDS Snapshots Should Prohibit Public Access

This rule ensures that RDS snapshots do not have public access, maintaining data security.

Rule: RDS snapshots should prohibit public access
Framework: NIST 800-171 Revision 2
Severity: Critical

Rule Description

According to NIST 800-171 Revision 2, it is crucial to ensure the security of RDS snapshots by prohibiting public access. This rule ensures that snapshots containing sensitive data are not accidentally exposed to unauthorized entities or made accessible to the public.

Rule Explanation

By implementing this rule, you are enforcing strict access controls on your RDS snapshots. Public access to the snapshots will be disabled, preventing unauthorized users from viewing or accessing the snapshot data. This ensures compliance with NIST 800-171 Revision 2 and helps protect sensitive information from potential security breaches.

Troubleshooting Steps

If you encounter any issues or errors while trying to prohibit public access to RDS snapshots, you can follow these troubleshooting steps:

1. Verify AWS Identity and Access Management (IAM) policies: Ensure that the IAM policies associated with the user or role attempting to modify the snapshot access settings allow the necessary permissions to modify snapshot permissions. Update the policies if needed.

2. Check snapshot permissions: Double-check the current permissions for the RDS snapshot. Confirm that the snapshot is not configured for public access. If it is, proceed with modifying the permissions to prohibit public access.

3. Verify network and firewall settings: Ensure that network and firewall settings are not blocking the necessary communication required for modifying snapshot permissions. Adjust the settings if required to allow the necessary traffic.

4. Grant sufficient time: RDS snapshot permission changes may take some time to propagate across AWS services. If you have recently made changes, wait for a few minutes and recheck the permissions to see if the changes have taken effect.

5. Review AWS documentation and forums: Refer to relevant AWS documentation, user guides, and forums to see if others have encountered a similar issue and found resolution steps. AWS provides detailed documentation and a helpful community that might have suggestions or solutions.

Necessary Codes

No specific codes are required for this rule. However, you can use the AWS Command Line Interface (CLI) to modify the snapshot permissions. Instructions for using the CLI for this purpose are provided in the following step-by-step guide.

Step-by-Step Guide for Remediation

1. Open the AWS Management Console and navigate to the RDS service.

2. Select the appropriate region in the top-right corner if necessary.

3. On the left-hand side, click on "Snapshots" to view the list of RDS snapshots.

4. Identify the snapshot for which you want to prohibit public access and click on its name to access its details.

5. In the snapshot details page, click on the "Permissions" tab.

6. Review the snapshot permissions. If public access is enabled, proceed to the next step; otherwise, the snapshot is already compliant with the rule.

7. Open the Command Line Interface (CLI) and ensure you have the necessary IAM permissions to modify RDS snapshot permissions.

8. Execute the following AWS CLI command to modify the snapshot permissions, replacing "snapshot-identifier" with the actual identifier of the snapshot you want to modify. In the snapshot's "restore" attribute, the value "all" is what makes a snapshot public, so removing that value is the remediation (there is no separate "public" value, and adding "all" would make the snapshot public rather than private):

aws rds modify-db-snapshot-attribute --db-snapshot-identifier snapshot-identifier --attribute-name restore --values-to-remove all

9. Wait for the command to execute successfully. This process may take some time to propagate across AWS services.

10. Once the command is executed successfully, return to the snapshot details page in the AWS Management Console and verify that public access has been successfully disabled.

11. Repeat these steps for any other RDS snapshots that need to have public access prohibited.

By following these steps, you can successfully configure RDS snapshots to comply with the NIST 800-171 Revision 2 rule by prohibiting public access.
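To run the same check and remediation across every manual snapshot in an account, the following added Python example (not Cloud Defense's own code) reads the "restore" attribute through boto3 and strips only the public marker; `FakeRdsClient` is a constructed in-memory stand-in so the logic can be exercised offline.

```python
# Added example, not Cloud Defense's code. The RDS "restore" attribute lists
# the account IDs allowed to restore a snapshot; the value "all" means every
# AWS account, which the console shows as public (there is no "public" value).
# FakeRdsClient is a constructed offline stand-in for boto3.client("rds").

PUBLIC_MARKER = "all"

def restore_values(attrs_response):
    """Account list from a describe_db_snapshot_attributes response."""
    for attr in attrs_response["DBSnapshotAttributesResult"]["DBSnapshotAttributes"]:
        if attr["AttributeName"] == "restore":
            return list(attr["AttributeValues"])
    return []

def is_public(attrs_response):
    return PUBLIC_MARKER in restore_values(attrs_response)

def remediate_snapshot(rds, snapshot_id, dry_run=False):
    """Strip public access from one snapshot; returns True if it was public."""
    if not is_public(rds.describe_db_snapshot_attributes(DBSnapshotIdentifier=snapshot_id)):
        return False
    if not dry_run:
        # Only the public marker goes; explicit cross-account shares are kept.
        rds.modify_db_snapshot_attribute(DBSnapshotIdentifier=snapshot_id,
                                         AttributeName="restore",
                                         ValuesToRemove=[PUBLIC_MARKER])
    return True

class FakeRdsClient:  # constructed stand-in holding {snapshot_id: [restore values]}
    def __init__(self, shares):
        self.shares = {k: list(v) for k, v in shares.items()}

    def describe_db_snapshot_attributes(self, DBSnapshotIdentifier):
        attr = {"AttributeName": "restore",
                "AttributeValues": list(self.shares[DBSnapshotIdentifier])}
        return {"DBSnapshotAttributesResult": {
            "DBSnapshotIdentifier": DBSnapshotIdentifier,
            "DBSnapshotAttributes": [attr]}}

    def modify_db_snapshot_attribute(self, DBSnapshotIdentifier, AttributeName, ValuesToRemove):
        self.shares[DBSnapshotIdentifier] = [
            v for v in self.shares[DBSnapshotIdentifier] if v not in ValuesToRemove]

if __name__ == "__main__":
    import boto3  # needs rds:DescribeDBSnapshotAttributes and rds:ModifyDBSnapshotAttribute
    rds = boto3.client("rds")
    for page in rds.get_paginator("describe_db_snapshots").paginate(SnapshotType="manual"):
        for snap in page["DBSnapshots"]:  # only manual snapshots can be shared
            if remediate_snapshot(rds, snap["DBSnapshotIdentifier"], dry_run=True):
                print("PUBLIC:", snap["DBSnapshotIdentifier"])
```

Run it with `dry_run=True` first to list offending snapshots, then without it to remove the public marker.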
