EBS volume snapshot should not be publicly shared
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
Description
Secure Amazon Elastic Block Store (EBS) snapshots.
Rationale
Publicly shared Amazon EBS volume snapshots contain sensitive application data that can be seen, copied, and exploited.
From the console
Follow the AWS Share a snapshot documentation to learn how to modify snapshot sharing for both the console and the command line.
From the command line
Enter the following command with your snapshot ID to remove global sharing.
aws ec2 modify-snapshot-attribute \
--snapshot-id 1234567890abcdef0 \
--attribute createVolumePermission \
--operation-type remove \
--group-names all
Run the follow command with your snapshot ID to share a snapshot with a specific user ID.
aws ec2 modify-snapshot-attribute \
--snapshot-id 1234567890abcdef0 \
--attribute createVolumePermission \
--operation-type add \
--user-ids 123456789012