Rule: EBS Snapshots Should Not Be Publicly Restorable
This rule ensures that EBS snapshots are not publicly restorable for security reasons.
| Rule | EBS snapshots should not be publicly restorable |
| Framework | RBI Cyber Security Framework |
| Severity | ✔ Medium |
Rule Description:
The rule states that EBS (Elastic Block Store) snapshots should not be publicly restorable as per the RBI (Reserve Bank of India) Cyber Security Framework. This means that the EBS snapshots, which are used to back up data on Amazon Web Services (AWS), should not be accessible or restorable by anyone who is not authorized or does not have the required permission.
Troubleshooting Steps:
- 1.
Verify Permissions:
- Check the snapshot's permissions and ensure that only authorized individuals or roles have permissions to access and restore the snapshots.
- Use the AWS Identity and Access Management (IAM) service to review and modify the permissions associated with the snapshots.
- 2.
Disable Public Restores:
- Check if any EBS snapshots have the option for public restores enabled. If so, disable this option to prevent unauthorized access.
- Use the AWS Management Console or AWS Command Line Interface (CLI) to modify the snapshot settings and disable public restores.
Necessary Codes:
There are no specific codes required to implement this rule. However, the following AWS CLI command can be used for modifying snapshot permissions:
aws ec2 modify-snapshot-attribute --snapshot-id <snapshot-id> --attribute createVolumePermission --operation-type remove --user-ids all
This command will remove all user IDs from the snapshot's create volume permissions, effectively restricting public access. Replace
<snapshot-id>Step-by-Step Guide for Remediation:
Follow these steps to ensure that EBS snapshots are not publicly restorable:
- 1.
Step One - Identify EBS Snapshots:
- Log in to the AWS Management Console.
- Go to the EC2 service dashboard.
- Select the appropriate AWS region where your EBS snapshots are located.
- Click on "Snapshots" from the left-hand menu to view all available snapshots.
- 2.
Step Two - Check Snapshot Permissions:
- Review each snapshot and check its permissions.
- Click on a specific snapshot to view its details.
- Look for the "Permissions" section and verify that only authorized users or roles have access.
- 3.
Step Three - Modify Snapshot Permissions:
- If any unauthorized users or roles have access, modify the snapshot permissions.
- Either remove the unauthorized users or roles completely or restrict their permissions.
- 4.
Step Four - Disable Public Restores:
- Check if any snapshots have the option for public restores enabled.
- If public restores are enabled, disable this setting to prevent unauthorized access to the snapshot.
- Use the AWS Management Console or AWS CLI to modify the snapshot settings and disable public restores.
- 5.
Step Five - Repeat for All Snapshots:
- Repeat steps two to four for all EBS snapshots in the AWS region.
- Ensure that all snapshots have appropriate permissions and public restores are disabled.
By following the above steps, you can ensure that EBS snapshots are not publicly restorable, as required by the RBI Cyber Security Framework.