This rule ensures that RDS snapshots do not allow public access, which would expose the database contents they hold.
Rule: RDS snapshots should prohibit public access
Framework: NIST 800-53 Revision 4
Severity: Critical
Rule Description:
According to the NIST 800-53 Revision 4 guidelines, it is recommended to prohibit public access to RDS snapshots.
RDS snapshots are point-in-time backups of your Amazon Relational Database Service (RDS) instances and contain the full database contents as of that moment. Ensuring that snapshots are not publicly accessible preserves data confidentiality and prevents unauthorized access.
Troubleshooting Steps:
If public access is allowed for RDS snapshots, it can pose a significant security risk. To troubleshoot this issue, follow these steps:
Remediation:
To prohibit public access for RDS snapshots, follow these step-by-step instructions:
Identify Relevant RDS Snapshots: Determine the RDS snapshots to which this rule should apply. This could include all existing snapshots or specific snapshots based on certain criteria.
Modify Snapshot Permissions:
Review and Audit Access Permissions:
Automate the Process:
Verification:
To verify that public access has been successfully prohibited for RDS snapshots, follow these steps:
Open the Amazon RDS console.
Locate the snapshots that were modified in the earlier steps.
Check the permissions associated with these snapshots, ensuring that the public access checkbox is not enabled.
Test access to the snapshots using a different AWS IAM user or role to confirm that only authorized entities can access them.
By following these steps, you can successfully prohibit public access for RDS snapshots and align with the NIST 800-53 Revision 4 guidelines for enhanced data security.
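The remediation and verification steps above, as an added Python example that is not part of the original rule page: it calls the boto3 RDS client methods describe_db_snapshots, describe_db_snapshot_attributes and modify_db_snapshot_attribute by name, and ships with a constructed FakeRds stub (sample snapshot names "orders-db-public" and "orders-db-private", sample account ID 111122223333) so it runs offline; pass boto3.client("rds") instead of FakeRds() to audit a real account.

```python
PUBLIC_MARKER = "all"  # AWS's literal value meaning "every AWS account may restore this snapshot"

def is_public(attributes_result: dict) -> bool:
    """True if a DescribeDBSnapshotAttributes result grants 'restore' to everyone."""
    return any(a.get("AttributeName") == "restore" and PUBLIC_MARKER in a.get("AttributeValues", [])
               for a in attributes_result.get("DBSnapshotAttributes", []))

def remediation_params(snapshot_id: str) -> dict:
    """Arguments for rds.modify_db_snapshot_attribute that drop only the public
    grant, keeping any account IDs the snapshot is explicitly shared with."""
    return {"DBSnapshotIdentifier": snapshot_id, "AttributeName": "restore",
            "ValuesToRemove": [PUBLIC_MARKER]}

def find_public_snapshots(rds) -> list:
    """Identifiers of manual snapshots anyone can restore. `rds` is a boto3 RDS
    client or any stub exposing the same method names (used for offline tests)."""
    public, kwargs = [], {"SnapshotType": "manual"}  # only manual snapshots can be shared
    while True:  # follow the Marker for accounts with more than one page of snapshots
        page = rds.describe_db_snapshots(**kwargs)
        for snap in page["DBSnapshots"]:
            sid = snap["DBSnapshotIdentifier"]
            attrs = rds.describe_db_snapshot_attributes(DBSnapshotIdentifier=sid)
            if is_public(attrs["DBSnapshotAttributesResult"]):
                public.append(sid)
        if not page.get("Marker"):
            return public
        kwargs["Marker"] = page["Marker"]

def revoke_public_access(rds, snapshot_ids, dry_run=True) -> list:
    """Build the remediation call for each snapshot; apply it only when dry_run=False."""
    calls = [remediation_params(s) for s in snapshot_ids]
    if not dry_run:
        for params in calls:
            rds.modify_db_snapshot_attribute(**params)
    return calls

class FakeRds:
    """Constructed stand-in for boto3's RDS client holding two sample snapshots."""
    def __init__(self):
        self._restore = {"orders-db-public": ["all", "111122223333"], "orders-db-private": ["111122223333"]}

    def describe_db_snapshots(self, **_):
        return {"DBSnapshots": [{"DBSnapshotIdentifier": k} for k in self._restore]}

    def describe_db_snapshot_attributes(self, DBSnapshotIdentifier):
        return {"DBSnapshotAttributesResult": {"DBSnapshotAttributes": [
            {"AttributeName": "restore", "AttributeValues": self._restore[DBSnapshotIdentifier]}]}}

    def modify_db_snapshot_attribute(self, **params):
        self._restore[params["DBSnapshotIdentifier"]].remove(PUBLIC_MARKER)
```

Run the audit first with the default dry run to review which snapshots would change, then rerun with dry_run=False to revoke the public grant while leaving cross-account shares untouched.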