
Rule: EBS Snapshots Should Not Be Publicly Restorable

This rule ensures that EBS snapshots are not publicly restorable to protect sensitive data.

Rule: EBS snapshots should not be publicly restorable
Framework: NIST 800-53 Revision 5
Severity: Medium

Rule Description

This rule is based on NIST 800-53 Revision 5 and states that Elastic Block Store (EBS) snapshots should not be publicly restorable. EBS snapshots are point-in-time copies of Amazon EBS volumes, used to back up data or clone volumes within Amazon Web Services (AWS). A snapshot is publicly restorable when its createVolumePermission attribute grants the "all" group the right to create volumes from it: any AWS account can then restore the snapshot to a volume of its own and read everything on it. Publicly restorable snapshots therefore expose sensitive data and increase the risk of unauthorized access or data breaches.

Troubleshooting Steps

The following troubleshooting steps can be taken if there are any issues related to this rule:

  1. Identify publicly restorable EBS snapshots: Use the AWS CLI (or a query in your CSPM tool) to list the snapshots owned by your account that are restorable by the "all" group.
  2. Review snapshot permissions: Check the createVolumePermission attribute of each identified snapshot to confirm whether it grants access to the "all" group (public), to specific AWS account IDs (shared), or to nobody (private).
  3. Update snapshot permissions: If any publicly restorable snapshots are found, remove the "all" group from their createVolumePermission attribute, then re-read the attribute to confirm the snapshot is no longer public.

Required Codes

The following AWS CLI command removes public restore permission from an EBS snapshot:

aws ec2 modify-snapshot-attribute --snapshot-id <snapshot-id> --attribute createVolumePermission --operation-type remove --group-names all

Replace <snapshot-id> with the actual ID of the EBS snapshot that needs to be modified. The --operation-type remove option is essential: --operation-type defaults to add, so running the command with --group-names all but without --operation-type remove grants public restore permission instead of revoking it.

Remediation Steps

Follow these step-by-step guides to remediate the issue of publicly restorable EBS snapshots:

  1. Identify publicly restorable EBS snapshots:

    • Access the AWS Management Console.
    • Go to the EC2 service.
    • In the left navigation pane, click on "Snapshots" under the "Elastic Block Store" category.
    • Select each snapshot owned by your account and open its "Permissions" tab; note down every snapshot whose permissions are set to "Public".

  2. Update snapshot permissions:

    • Open a terminal where the AWS CLI is installed and configured with credentials that are allowed to modify snapshot attributes.
    • Execute the following command to revoke public restore permission (replace <snapshot-id> with the ID of each publicly restorable snapshot):
      aws ec2 modify-snapshot-attribute --snapshot-id <snapshot-id> --attribute createVolumePermission --operation-type remove --group-names all
    • Repeat the above command for each publicly restorable snapshot that needs to be restricted. Do not omit --operation-type remove: without it the command adds the "all" group and makes the snapshot public.

  3. Verify permissions update:

    • Refresh the "Snapshots" page in the EC2 console and re-check the "Permissions" tab of each modified snapshot.
    • Ensure that every snapshot now shows "Private" (or lists only the specific AWS account IDs it is intentionally shared with) and is no longer publicly restorable.
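The script below is an added example and is not part of the Cloud Defense rule page or of AWS's documentation. It ties the identify, review, update and verify steps from the troubleshooting and remediation sections together with the AWS CLI: it lists snapshots you own that are restorable by everyone, reads each one's createVolumePermission attribute, classifies it as public, shared or private, and in fix mode revokes the "all" grant and re-reads the attribute to confirm the change. Only documented AWS CLI subcommands are used (describe-snapshots, describe-snapshot-attribute, modify-snapshot-attribute); the function names, the RUN_LIVE and MODE variables and the sample JSON responses are this example's own, and the sample responses are constructed rather than captured from a real account. Nothing calls AWS unless RUN_LIVE=1 is set, so the helpers can be exercised offline.

```shell
#!/bin/sh
# Added example (not from the Cloud Defense page): audit an AWS account for
# publicly restorable EBS snapshots and optionally revoke the public grant.
# Nothing touches AWS unless RUN_LIVE=1 is set; the pure-shell helpers can be
# exercised offline against the constructed sample responses at the bottom.

# Return 0 when a describe-snapshot-attribute JSON response grants
# createVolumePermission to the "all" group, i.e. the snapshot is public.
# A response that lists only specific "UserId" entries is shared, not public,
# and an empty CreateVolumePermissions list means private.
is_public_snapshot() {
    printf '%s\n' "$1" | grep -q '"Group"[[:space:]]*:[[:space:]]*"all"'
}

# Build the command that revokes public restore permission for one snapshot.
# --operation-type defaults to "add" (which would make the snapshot public), so
# "remove" is spelled out explicitly.
revoke_public_cmd() {
    printf 'aws ec2 modify-snapshot-attribute --snapshot-id %s --attribute createVolumePermission --operation-type remove --group-names all' "$1"
}

# List snapshot IDs owned by this account that anyone ("all") may restore.
list_public_snapshots() {
    aws ec2 describe-snapshots --owner-ids self --restorable-by-user-ids all \
        --query 'Snapshots[].SnapshotId' --output text
}

# Fetch the createVolumePermission attribute of one snapshot as JSON.
snapshot_permissions() {
    aws ec2 describe-snapshot-attribute --snapshot-id "$1" \
        --attribute createVolumePermission --output json
}

# audit_and_remediate audit -> report public snapshots and the command that would fix them
# audit_and_remediate fix   -> report, revoke the "all" grant, then re-read the attribute
audit_and_remediate() {
    mode="${1:-audit}"
    for snap in $(list_public_snapshots); do
        if is_public_snapshot "$(snapshot_permissions "$snap")"; then
            echo "PUBLIC        $snap"
            if [ "$mode" = "fix" ]; then
                aws ec2 modify-snapshot-attribute --snapshot-id "$snap" \
                    --attribute createVolumePermission --operation-type remove --group-names all
                # Verify by re-reading the attribute rather than trusting the exit status.
                if is_public_snapshot "$(snapshot_permissions "$snap")"; then
                    echo "STILL PUBLIC  $snap" >&2
                else
                    echo "FIXED         $snap"
                fi
            else
                echo "  would run: $(revoke_public_cmd "$snap")"
            fi
        fi
    done
}

# Constructed sample responses (not captured from a real account), in the shape
# the AWS CLI returns for describe-snapshot-attribute. Snapshot IDs are placeholders.
SAMPLE_PUBLIC='{
    "SnapshotId": "snap-0123456789abcdef0",
    "CreateVolumePermissions": [
        {
            "Group": "all"
        }
    ]
}'
SAMPLE_SHARED='{
    "SnapshotId": "snap-0123456789abcdef1",
    "CreateVolumePermissions": [
        {
            "UserId": "111122223333"
        }
    ]
}'
SAMPLE_PRIVATE='{
    "SnapshotId": "snap-0123456789abcdef2",
    "CreateVolumePermissions": []
}'

if [ "${RUN_LIVE:-0}" = "1" ]; then
    audit_and_remediate "${MODE:-audit}"
fi
```

Run it as RUN_LIVE=1 sh audit-snapshots.sh to report, or RUN_LIVE=1 MODE=fix sh audit-snapshots.sh to revoke and verify; the caller's credentials need ec2:DescribeSnapshots, ec2:DescribeSnapshotAttribute and ec2:ModifySnapshotAttribute. Two related controls are worth knowing: aws ec2 reset-snapshot-attribute --snapshot-id <snapshot-id> --attribute createVolumePermission returns the attribute to its private default and also drops account-specific shares, which is the right choice when a snapshot should not be shared with anyone; and the Region-level Block Public Access for snapshots setting (aws ec2 enable-snapshot-block-public-access --state block-all-sharing) prevents the "all" group from being granted in the first place and treats already-public snapshots as private, so it stops this finding from recurring rather than only fixing it after the fact.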

Conclusion

Following the NIST 800-53 Revision 5 recommendation, ensure that EBS snapshots are not publicly restorable. By following the troubleshooting steps, commands, and remediation guide above, you can mitigate the risk of unauthorized access to sensitive data stored in EBS snapshots and maintain the security of your AWS resources.
