
Rule: RDS Snapshots Should Prohibit Public Access

Ensure that RDS snapshots do not allow public access to maintain data security.

Rule: RDS snapshots should prohibit public access
Framework: NIST 800-171 Revision 2
Severity: Critical

Rule Description: RDS (Relational Database Service) snapshots should have public access prohibited, following the guidelines set by NIST 800-171 Revision 2. This rule ensures that sensitive data stored in RDS snapshots is not accessible to unauthorized individuals or entities over public networks.

Troubleshooting Steps:

  1. Check RDS Snapshot Configuration: Verify the current configuration settings of your RDS snapshots to identify whether public access is permitted or prohibited.
  2. Review Network Access Control Lists (ACLs): Examine the network ACLs associated with the RDS snapshots to ensure that no inbound or outbound rules allow public access.
  3. Check Security Group Rules: Confirm that the inbound and outbound rules within the associated security groups allow access only from authorized networks or IP addresses.

Remediation Steps:

  1. Identify Affected RDS Snapshots: Determine which RDS snapshots currently allow public access and need to be modified.

  2. Modify Snapshot Access Permissions: Update the permissions of the identified snapshots to prohibit public access. This can be done through the AWS Management Console, the AWS CLI, or the SDKs.

  3. AWS Management Console:

    • Sign in to the AWS Management Console.
    • Navigate to the RDS service.
    • Select "Snapshots" from the left-hand menu.
    • Locate the snapshots that need to be modified and open them.
    • In the "Permissions" section, ensure that "Public - No" is selected.
    • Save the changes.

  4. AWS CLI Command:

    • Install and configure the AWS CLI if not already done.
    • Open a terminal or command prompt.
    • Execute the following command:
      aws rds modify-db-snapshot-attribute --db-snapshot-identifier <snapshot-identifier> --attribute-name restore --values-to-remove all

      Replace <snapshot-identifier> with the identifier of the RDS snapshot that needs to be modified. A snapshot is public when its restore attribute contains the value all; removing that value revokes public access while leaving any explicitly listed account IDs in place.

  5. Repeat Step 4 for all affected RDS snapshots.
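The check and remediation above, as an added example that is not part of this rule page or of Cloud Defense's own tooling: it classifies snapshots from constructed DescribeDBSnapshotAttributes results offline, and the audit_account function (an assumption: boto3 installed and credentials configured) runs the same logic against a live account, revoking public sharing only when fix=True.

```python
"""Audit manual RDS snapshots for public sharing via the 'restore' attribute."""
from typing import Any, Dict, List

# Constructed sample data in the shape of DescribeDBSnapshotAttributes'
# DBSnapshotAttributesResult; not taken from any real account.
SAMPLE_RESULTS: List[Dict[str, Any]] = [
    {"DBSnapshotIdentifier": "prod-db-2024-01-01",   # shared with everyone
     "DBSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": ["all"]}]},
    {"DBSnapshotIdentifier": "prod-db-2024-01-02",   # shared with one account (placeholder ID)
     "DBSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": ["111111111111"]}]},
    {"DBSnapshotIdentifier": "prod-db-2024-01-03",   # not shared at all
     "DBSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": []}]},
]


def restore_values(result: Dict[str, Any]) -> List[str]:
    """Return the values of the snapshot's 'restore' attribute ([] if absent)."""
    for attr in result.get("DBSnapshotAttributes", []):
        if attr.get("AttributeName") == "restore":
            return list(attr.get("AttributeValues", []))
    return []


def classify(result: Dict[str, Any]) -> str:
    """'public' if 'all' is present, 'shared' if only account IDs are, else 'private'."""
    values = restore_values(result)
    if "all" in values:
        return "public"
    return "shared" if values else "private"


def public_snapshots(results: List[Dict[str, Any]]) -> List[str]:
    """Identifiers of every snapshot that fails the rule."""
    return [r["DBSnapshotIdentifier"] for r in results if classify(r) == "public"]


def remediation_params(snapshot_id: str) -> Dict[str, Any]:
    """Arguments for modify_db_snapshot_attribute that revoke public access only."""
    return {"DBSnapshotIdentifier": snapshot_id, "AttributeName": "restore",
            "ValuesToRemove": ["all"]}


def audit_account(region: str, fix: bool = False) -> List[str]:
    """Live check of all manual snapshots in a region (only manual ones can be shared)."""
    import boto3  # assumption: boto3 available; imported here so the offline path needs no SDK
    rds = boto3.client("rds", region_name=region)
    found: List[str] = []
    for page in rds.get_paginator("describe_db_snapshots").paginate(SnapshotType="manual"):
        for snap in page["DBSnapshots"]:
            result = rds.describe_db_snapshot_attributes(
                DBSnapshotIdentifier=snap["DBSnapshotIdentifier"])["DBSnapshotAttributesResult"]
            if classify(result) == "public":
                found.append(result["DBSnapshotIdentifier"])
                if fix:
                    rds.modify_db_snapshot_attribute(**remediation_params(found[-1]))
    return found
```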

Note: Ensure that only authorized users or entities have access to the RDS snapshots by properly configuring network ACLs and security group rules. Regularly monitor and review the configuration to maintain compliance with the NIST 800-171 Revision 2 guidelines.
