
Rule: RDS Snapshots Should Prohibit Public Access

This rule ensures that RDS snapshots do not have public access, critical for data protection.

Rule: RDS snapshots should prohibit public access
Framework: NIST Cybersecurity Framework (CSF) v1.1
Severity: Critical

Rule Description

This rule is intended to enforce the security best practice of prohibiting public access to RDS snapshots. Publicly accessible RDS snapshots can pose a significant security risk by exposing sensitive data to unauthorized access. This rule aligns with the recommendations outlined in the NIST Cybersecurity Framework (CSF) version 1.

Troubleshooting Steps

If public access to RDS snapshots is allowed, it could indicate a misconfiguration in the AWS RDS settings. To troubleshoot and remediate the issue, follow the steps below:

1. Check RDS Snapshot Permissions: Verify the current permissions and access settings for RDS snapshots.
2. Ensure Public Access is Denied: Confirm that RDS snapshots are not publicly accessible.
3. Review Security Group Rules: Evaluate the security group settings associated with the RDS instances to ensure that public access is restricted.
4. Audit IAM Permissions: Review the IAM policies and roles to ensure that there are no unintended permissions that allow public access to RDS snapshots.
5. Monitor Access Logs: Enable detailed logging and monitoring for RDS snapshots to detect any unauthorized access attempts.
6. Apply Least Privilege Principle: Ensure that access to RDS snapshots is restricted only to authorized individuals or services.

Necessary Codes

No code is required for this rule, since it concerns the configuration and permissions of RDS snapshots rather than application code.

Step-by-Step Guide for Remediation

To remediate the rule violation and prohibit public access to RDS snapshots, perform the following steps:

1. Access AWS Management Console: Log in to the AWS Management Console using appropriate credentials.
2. Navigate to RDS Service: Go to the Amazon RDS service dashboard.
3. Choose the RDS Instance: Select the RDS instance for which you want to prohibit public access to the snapshots.
4. Navigate to Snapshots: In the left-hand menu, click on "Snapshots" under the "Recovery" section.
5. Select Snapshot: Choose the snapshot in question that needs to be modified.
6. Modify Snapshot Permissions: Click on the "Modify" button to modify the permissions for the selected snapshot.
7. Deny Public Access: In the "Permissions" section, ensure that the "Public" checkbox is unchecked or set to "No."
8. Save Changes: Click on the "Save" button to save the modifications made to the snapshot permissions.
9. Repeat for Other Snapshots: Repeat steps 5 to 8 for any other snapshots that need to have public access denied.
10. Verify Changes: Double-check that all the RDS snapshots are no longer publicly accessible.
11. Monitor and Maintain: Continuously monitor and maintain the RDS snapshot permissions to ensure ongoing compliance with the prohibition of public access.

By following these steps, you can successfully remediate the violation and enforce the policy of prohibiting public access to RDS snapshots, thus aligning with the NIST CSF v1 recommendations.
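The check in the troubleshooting steps and the permission change in the remediation steps can both be automated through the RDS snapshot attribute API, as in this added example (not Cloud Defense's or AWS's code). The pure functions run on constructed sample data; `audit_account` is the live version and assumes boto3 is installed and AWS credentials are configured; snapshot identifiers and the account ID in the sample are placeholders.

```python
"""Find RDS snapshots shared publicly and revoke that share (added example).
A manual snapshot is public when its "restore" attribute holds the literal "all"."""
from typing import Dict, List

PUBLIC_MARKER = "all"  # AWS's value for "shareable with any AWS account"

def public_snapshot_ids(attribute_results: List[Dict]) -> List[str]:
    """Identifiers of snapshots whose 'restore' attribute contains 'all'.
    Items have the shape of DescribeDBSnapshotAttributes' DBSnapshotAttributesResult;
    snapshots shared only with specific account IDs are not reported."""
    public = []
    for result in attribute_results:
        for attr in result.get("DBSnapshotAttributes", []):
            if (attr.get("AttributeName") == "restore"
                    and PUBLIC_MARKER in attr.get("AttributeValues", [])):
                public.append(result["DBSnapshotIdentifier"])
    return public

def remediation_request(snapshot_id: str) -> Dict:
    """ModifyDBSnapshotAttribute parameters that drop only the public share,
    keeping any explicit account IDs in the restore list."""
    return {"DBSnapshotIdentifier": snapshot_id, "AttributeName": "restore",
            "ValuesToRemove": [PUBLIC_MARKER]}

SAMPLE_RESULTS = [  # constructed sample data, not real snapshots
    {"DBSnapshotIdentifier": "prod-db-private",
     "DBSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": []}]},
    {"DBSnapshotIdentifier": "prod-db-shared",  # shared with one placeholder account
     "DBSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": ["111122223333"]}]},
    {"DBSnapshotIdentifier": "prod-db-public",
     "DBSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": ["all"]}]},
]

def audit_account(region: str, dry_run: bool = True) -> List[str]:
    """Live check: inspect every manual snapshot in the region and, unless dry_run,
    revoke public access. Needs boto3 and AWS credentials; boto3 is imported here
    so the pure functions above still run offline."""
    import boto3
    rds = boto3.client("rds", region_name=region)
    results = []
    for page in rds.get_paginator("describe_db_snapshots").paginate(SnapshotType="manual"):
        for snap in page["DBSnapshots"]:
            attrs = rds.describe_db_snapshot_attributes(
                DBSnapshotIdentifier=snap["DBSnapshotIdentifier"])
            results.append(attrs["DBSnapshotAttributesResult"])
    offenders = public_snapshot_ids(results)
    if not dry_run:
        for snapshot_id in offenders:
            rds.modify_db_snapshot_attribute(**remediation_request(snapshot_id))
    return offenders
```

Only manual snapshots can be shared, so automated snapshots are skipped; run `audit_account` with `dry_run=True` first to list offenders before revoking anything.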
