
Rule: EBS snapshots should not be publicly restorable

Ensure EBS snapshots are not publicly restorable to maintain data security.

Rule: EBS snapshots should not be publicly restorable
Framework: NIST 800-53 Revision 4
Severity: Medium

EBS Snapshots Public Restorability Policy

Description

According to the NIST 800-53 Revision 4 security guideline, it is essential to ensure that Elastic Block Store (EBS) snapshots are not publicly restorable. By configuring this policy, you prevent unauthorized access to sensitive or confidential data stored in snapshots.

Troubleshooting Steps

If there are any issues with this policy, consider the following troubleshooting steps:

  1. Verify the policy configuration: Double-check if the policy is properly implemented and enforced.
  2. Examine snapshot permissions: Review the snapshot permissions and ensure that they are not set to public.
  3. Audit snapshot restoration: Monitor and audit snapshot restoration activities to identify any unauthorized attempts or misconfigurations.

Necessary Codes

There are no specific codes related to this policy. However, AWS provides API commands to manage EBS snapshots, which can be used to enforce this policy.

Remediation Steps

To enforce the policy of not allowing public restorability for EBS snapshots, follow these step-by-step remediation instructions:

  1. Identify publicly restorable snapshots:

    • List the snapshots owned by your account using the AWS CLI command (without --owner-ids self, the command also returns every public snapshot in the region that belongs to other accounts):
      aws ec2 describe-snapshots --owner-ids self
    • Review the returned information to identify snapshots whose "create volume permissions" are granted to the all group, which is what makes them public. Adding the --restorable-by-user-ids all filter narrows the listing to exactly those snapshots.
  2. Revoke public restorability:

    • For each snapshot identified in the previous step, revoke public permissions using the AWS CLI command (public access is the all group, so it is removed with --group-names rather than --user-ids, which takes account IDs):
      aws ec2 modify-snapshot-attribute --snapshot-id <snapshot-id> --attribute createVolumePermission --operation-type remove --group-names all
  3. Verify the change:

    • Use the AWS CLI command to confirm that public restorability is revoked for the snapshots in question:
      aws ec2 describe-snapshot-attribute --snapshot-id <snapshot-id> --attribute createVolumePermission
    • Validate that the CreateVolumePermissions list in the output is empty or, at least, contains no entry with "Group": "all".
  4. Periodic auditing:

    • Regularly audit the status of EBS snapshot permissions to ensure compliance with the policy.
    • Monitor and log snapshot restoration activities for potential security incidents.
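
Steps 1 to 3 above, carried through as an auditable routine in Python (an added example, not Cloud Defense's or AWS's own code): it works on the response shapes of the EC2 DescribeSnapshots, DescribeSnapshotAttribute and ModifySnapshotAttribute calls as boto3 returns them, and the EC2 client is injected so that the logic can be exercised offline. StubEc2, sample_client and the snapshot IDs snap-0aaa/0bbb/0ccc are constructed stand-ins; in practice pass boto3.client("ec2").

```python
"""Audit and remediate publicly restorable EBS snapshots (example code; the
client is injected so it runs offline against the stub below)."""

PUBLIC_GROUP = "all"  # the EC2 group name meaning "every AWS account"

def is_publicly_restorable(attr: dict) -> bool:
    """True if a DescribeSnapshotAttribute response lets anyone create a volume;
    entries carrying only a UserId (shared with named accounts) are not public."""
    return any(p.get("Group") == PUBLIC_GROUP
               for p in attr.get("CreateVolumePermissions", []))

def find_public_snapshots(ec2) -> list:
    """IDs of this account's snapshots that are publicly restorable. OwnerIds=['self']
    matters: without it DescribeSnapshots also lists other accounts' public snapshots."""
    resp = ec2.describe_snapshots(OwnerIds=["self"])  # follow NextToken at scale
    return [s["SnapshotId"] for s in resp["Snapshots"]
            if is_publicly_restorable(ec2.describe_snapshot_attribute(
                SnapshotId=s["SnapshotId"], Attribute="createVolumePermission"))]

def revoke_public_access(ec2, snapshot_id: str) -> bool:
    """Remove the 'all' group from createVolumePermission, then re-read the
    attribute; True only if the snapshot is no longer public."""
    ec2.modify_snapshot_attribute(
        SnapshotId=snapshot_id, Attribute="createVolumePermission",
        CreateVolumePermission={"Remove": [{"Group": PUBLIC_GROUP}]})
    attr = ec2.describe_snapshot_attribute(
        SnapshotId=snapshot_id, Attribute="createVolumePermission")
    return not is_publicly_restorable(attr)

class StubEc2:
    """Constructed in-memory stand-in for a boto3 EC2 client (not real AWS)."""
    def __init__(self, perms: dict):
        self.perms = perms  # snapshot id -> CreateVolumePermissions list
    def describe_snapshots(self, OwnerIds):
        return {"Snapshots": [{"SnapshotId": s} for s in self.perms]}
    def describe_snapshot_attribute(self, SnapshotId, Attribute):
        return {"SnapshotId": SnapshotId,
                "CreateVolumePermissions": list(self.perms[SnapshotId])}
    def modify_snapshot_attribute(self, SnapshotId, Attribute, CreateVolumePermission):
        drop = CreateVolumePermission.get("Remove", [])
        self.perms[SnapshotId] = [p for p in self.perms[SnapshotId] if p not in drop]

def sample_client() -> StubEc2:
    """Constructed sample: one public, one shared with an account ID, one private."""
    return StubEc2({"snap-0aaa": [{"Group": "all"}],
                    "snap-0bbb": [{"UserId": "123456789012"}],
                    "snap-0ccc": []})
```

Running find_public_snapshots, then revoke_public_access on each ID it returns, then find_public_snapshots again is the audit-remediate-verify loop of the steps above; a snapshot shared only with specific account IDs is left untouched.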

Conclusion

By following the above procedure, you will successfully enforce the policy of disallowing public restorability for EBS snapshots, adhering to the NIST 800-53 Revision 4 security guideline. Regular monitoring and auditing of snapshot permissions will help maintain the integrity and security of your data.
