Rule: EBS Snapshots Should Not Be Publicly Restorable

This rule ensures that EBS snapshots are not set to be publicly restorable, maintaining data security and privacy.

Rule: EBS snapshots should not be publicly restorable
Framework: NIST 800-53 Revision 5
Severity: Medium

Rule Description

The rule "EBS snapshots should not be publicly restorable for NIST 800-53 Revision 5" ensures that Elastic Block Store (EBS) snapshots within an Amazon Web Services (AWS) environment are not publicly accessible for restoration. This rule aligns with the security control requirements specified in National Institute of Standards and Technology (NIST) Special Publication 800-53 Revision 5.

Troubleshooting Steps

If EBS snapshots are found to be publicly restorable, follow these troubleshooting steps:

  1. Identify the affected EBS snapshots by examining the publicly restorable attribute.
  2. Verify the security groups associated with the affected snapshots.
  3. Review the access control policies and permissions for these security groups.
  4. Determine if any misconfigurations or unintended access permissions are present.
  5. Take necessary actions to restrict public restorability for the identified snapshots.

Rule Remediation

To remediate the issue of publicly restorable EBS snapshots, perform the following steps:

  1. Log in to the AWS Management Console or use the AWS Command Line Interface (CLI).

  2. Identify the EBS snapshots that are publicly restorable.

  3. For each affected snapshot, proceed with the following:

    CLI Command

    aws ec2 modify-snapshot-attribute --snapshot-id <snapshot-id> --create-volume-permission "{\"Remove\":[{\"Group\":\"all\"}]}"
    

    Replace <snapshot-id> with the identifier of the affected EBS snapshot.

    Console Guide

    • Go to the EC2 service in the AWS Management Console.
    • Select "Snapshots" from the left-hand menu.
    • Locate the snapshot you wish to modify and select it.
    • Click on the "Actions" dropdown menu and choose "Modify Permissions".
    • Remove any public access permissions and confirm the changes.
  4. Verify that the modified snapshots are no longer publicly restorable.

Note: Regular monitoring and auditing of EBS snapshots should be performed to ensure compliance with the rule and promptly address any misconfigurations or unintended exposure.
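
The following is an added example, not code from the original page: it lists the account's publicly restorable snapshots in a region, removes the public grant from each, and re-reads the attribute to verify the result. The function names are hypothetical, and it assumes the AWS CLI is configured with credentials for the account that owns the snapshots.

```sh
#!/bin/sh
# Added example, not vendor code. Function names are hypothetical.
# Assumes AWS CLI credentials for the account that owns the snapshots.

# Print one snapshot ID per line for snapshots this account owns that
# any AWS account can restore (createVolumePermission group "all").
list_public_snapshots() {
  aws ec2 describe-snapshots --region "$1" \
    --owner-ids self --restorable-by-user-ids all \
    --query 'Snapshots[].SnapshotId' --output text |
    tr '\t' '\n' | sed '/^$/d'
}

# Exit 0 if the snapshot is still shared with group "all".
# A failed lookup also counts as public, so verification fails closed.
is_public() {
  groups=$(aws ec2 describe-snapshot-attribute --region "$1" \
    --snapshot-id "$2" --attribute createVolumePermission \
    --query 'CreateVolumePermissions[].Group' --output text) || return 0
  printf '%s\n' "$groups" | grep -qw all
}

# Remove the public grant from every public snapshot in the region, then
# re-read each one. Shares with specific account IDs are left untouched.
remediate_public_snapshots() {
  failed=0
  for snap in $(list_public_snapshots "$1"); do
    aws ec2 modify-snapshot-attribute --region "$1" --snapshot-id "$snap" \
      --attribute createVolumePermission \
      --operation-type remove --group-names all
    if is_public "$1" "$snap"; then
      echo "STILL PUBLIC: $snap" >&2
      failed=1
    else
      echo "private: $snap"
    fi
  done
  return "$failed"
}

# Usage after sourcing this file: remediate_public_snapshots us-east-1
```

EBS snapshots are regional, so call `remediate_public_snapshots` once for each region in use; a non-zero return means at least one snapshot could not be confirmed private.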
