This rule ensures that EBS snapshots are not publicly restorable to maintain data security.
| Rule | EBS snapshots should not be publicly restorable |
| --- | --- |
| Framework | CISA-cyber-essentials |
| Severity | Medium |
Rule Description:
EBS snapshots, which are essentially backups of your Amazon Elastic Block Store (EBS) volumes, should not be publicly restorable for compliance with the CISA Cyber Essentials security framework. Publicly restorable snapshots can expose sensitive data and potentially allow unauthorized access to your cloud resources. To ensure the confidentiality and integrity of your EBS snapshots, it is crucial to restrict restore permissions to authorized users only.
Troubleshooting Steps:
Identify publicly restorable snapshots: List the snapshots owned by your account that any AWS account is allowed to restore. The --restorable-by-user-ids all filter returns only snapshots whose create-volume permission includes the all group (the original query on a RestorableBy output field does not work, because that is a request filter, not a field of the Snapshots output):
aws ec2 describe-snapshots --owner-ids self --restorable-by-user-ids all
Review the permissions: Analyze the permissions associated with the publicly restorable snapshots to determine if unauthorized users have restore access.
Investigate the root cause: Identify why the snapshots became publicly restorable. It could be misconfigured permissions or a mistake during the snapshot creation process.
Remediation Steps:
Remove the public restore permission: A snapshot is publicly restorable because its createVolumePermission attribute grants the all group. Remove that grant from each affected snapshot (the attribute name is createVolumePermission; there is no restore attribute, and adding UserIds=All would widen access rather than remove it):
aws ec2 modify-snapshot-attribute --snapshot-id <snapshot-id> --attribute createVolumePermission --operation-type remove --group-names all
Be sure to replace <snapshot-id> with the actual ID of the publicly restorable snapshot.
Audit existing snapshots: Regularly audit your snapshots and verify that none have public restore permissions. If you identify any, follow step 1 to remove the permissions promptly.
Block public sharing at the account level: EBS has no per-account default for snapshot restore permissions, so the way to make newly created snapshots safe without editing each one is the block public access setting for EBS snapshots. It is a per-Region setting; in the block-all-sharing state no snapshot in that Region can be shared publicly, and snapshots that were already public are treated as private:
aws ec2 enable-snapshot-block-public-access --state block-all-sharing
Additional Recommendations:
Implement access controls: Implement rigorous access controls and least privilege principles for managing EBS snapshots. Only authorized users should have the ability to modify permissions or restore snapshots.
Regularly monitor permissions: Use AWS CloudTrail or similar monitoring tools to detect any changes made to the snapshot restore permissions and take appropriate action if unauthorized changes are detected.
Educate users: Raise awareness among your team members about the importance of maintaining proper permissions for EBS snapshots to prevent accidental exposure of sensitive data.
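As an added example (not part of this rule page or of any AWS tool), the following Python applies the two checks discussed above offline: whether the createVolumePermission list returned by describe-snapshot-attribute contains the all group, and whether a CloudTrail record of a ModifySnapshotAttribute call grants that group. Both inputs are constructed sample data; the snapshot IDs and account ID are placeholders, and the CloudTrail requestParameters layout is assumed from the EC2 API shape.

```python
# Constructed sample of `aws ec2 describe-snapshot-attribute --attribute
# createVolumePermission` output (placeholder IDs, not from a real account).
PUBLIC_SNAPSHOT = {
    "SnapshotId": "snap-0example00000001",
    "CreateVolumePermissions": [{"Group": "all"}, {"UserId": "111122223333"}],
}
PRIVATE_SNAPSHOT = {
    "SnapshotId": "snap-0example00000002",
    "CreateVolumePermissions": [{"UserId": "111122223333"}],
}

# Constructed CloudTrail record of a ModifySnapshotAttribute call that adds the
# "all" group; the requestParameters layout is assumed from the EC2 API shape.
PUBLIC_SHARE_EVENT = {
    "eventSource": "ec2.amazonaws.com",
    "eventName": "ModifySnapshotAttribute",
    "requestParameters": {
        "snapshotId": "snap-0example00000001",
        "attributeType": "CREATE_VOLUME_PERMISSION",
        "createVolumePermission": {"add": {"items": [{"group": "all"}]}},
    },
}

def is_publicly_restorable(attr_response: dict) -> bool:
    """A snapshot is public when the 'all' group holds createVolumePermission."""
    perms = attr_response.get("CreateVolumePermissions", [])
    return any(p.get("Group") == "all" for p in perms)

def remediation_command(snapshot_id: str) -> str:
    """AWS CLI command that revokes the public grant on one snapshot."""
    return (f"aws ec2 modify-snapshot-attribute --snapshot-id {snapshot_id} "
            "--attribute createVolumePermission --operation-type remove "
            "--group-names all")

def grants_public_restore(event: dict) -> bool:
    """Detection rule: flag a ModifySnapshotAttribute call that adds 'all'."""
    if event.get("eventSource") != "ec2.amazonaws.com":
        return False
    if event.get("eventName") != "ModifySnapshotAttribute":
        return False
    params = event.get("requestParameters") or {}
    added = (params.get("createVolumePermission") or {}).get("add") or {}
    return any(i.get("group") == "all" for i in added.get("items", []))

if __name__ == "__main__":
    for snap in (PUBLIC_SNAPSHOT, PRIVATE_SNAPSHOT):
        if is_publicly_restorable(snap):
            print("PUBLIC", snap["SnapshotId"], remediation_command(snap["SnapshotId"]))
    print("CloudTrail public-share event:", grants_public_restore(PUBLIC_SHARE_EVENT))
```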
Remember to regularly review and remediate the restore permissions for your EBS snapshots to adhere to the CISA Cyber Essentials guidelines and maintain the security of your cloud infrastructure.