EBS volume snapshot should not be shared with external accounts
Description
This rule evaluates whether Amazon Elastic Block Store (Amazon EBS) volume snapshots are shared with external AWS accounts that are not onboarded to Datadog. EBS snapshots contain point-in-time copies of your volumes and may include sensitive data. Sharing snapshots with unauthorized external accounts can lead to data exposure and security risks.
The data contained in the `create_volume_permissions` field is enumerated and the following types of principals are assessed:
- `user_id`: designates an AWS account
The control fails if any AWS account present in `create_volume_permissions` is not onboarded to Datadog.
Note: If the snapshot is shared with a trusted third-party AWS account that you cannot onboard to Datadog, mute the finding and leave a comment documenting the justification.
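The evaluation described above, written out as an added Python example (this is an illustration, not Datadog's rule engine or the AWS SDK). It assumes each snapshot is a dict with the field names the page uses (`create_volume_permissions`, `user_id`); the underlying AWS DescribeSnapshotAttribute API returns the same data as `CreateVolumePermissions` / `UserId`. The `muted` mapping and all account IDs are constructed sample data.

```python
from dataclasses import dataclass

# Added example: field names follow the page (create_volume_permissions / user_id),
# not the AWS API's CamelCase. All account IDs below are constructed, not real.

@dataclass
class Finding:
    snapshot_id: str
    external_accounts: list  # accounts in create_volume_permissions not onboarded to Datadog
    status: str              # "PASS", "FAIL", or "MUTED"
    justification: str = ""  # documented reason, required to mute a finding


def external_accounts(snapshot: dict, onboarded: set) -> list:
    """Return AWS account IDs the snapshot is shared with that are not onboarded."""
    external = set()
    for perm in snapshot.get("create_volume_permissions", []):
        # Only user_id principals (AWS accounts) are assessed by this rule.
        # A {"group": "all"} entry means public sharing; it is deliberately
        # not counted here because it is a separate condition from this control.
        account = perm.get("user_id")
        if account and account not in onboarded:
            external.add(account)
    return sorted(external)


def evaluate(snapshot: dict, onboarded: set, muted: dict = None) -> Finding:
    """muted maps a trusted third-party account ID to its written justification."""
    muted = muted or {}
    external = external_accounts(snapshot, onboarded)
    if not external:
        return Finding(snapshot["snapshot_id"], [], "PASS")
    # Mute only when every external account carries a non-empty justification.
    if all(muted.get(acct, "").strip() for acct in external):
        note = "; ".join(f"{a}: {muted[a]}" for a in external)
        return Finding(snapshot["snapshot_id"], external, "MUTED", note)
    return Finding(snapshot["snapshot_id"], external, "FAIL")


# Constructed sample data: two onboarded accounts, three snapshots, one trusted vendor.
ONBOARDED = {"111111111111", "222222222222"}
SNAPSHOTS = [
    {"snapshot_id": "snap-0aaa", "create_volume_permissions": [{"user_id": "222222222222"}]},
    {"snapshot_id": "snap-0bbb", "create_volume_permissions": [
        {"user_id": "222222222222"}, {"user_id": "333333333333"}, {"group": "all"}]},
    {"snapshot_id": "snap-0ccc", "create_volume_permissions": []},
]
TRUSTED = {"333333333333": "Managed backup vendor; cannot be onboarded to Datadog"}

if __name__ == "__main__":
    for snap in SNAPSHOTS:
        f = evaluate(snap, ONBOARDED, TRUSTED)
        print(f.snapshot_id, f.status, f.external_accounts, f.justification)
```

Running it without `TRUSTED` reports `snap-0bbb` as FAIL for account `333333333333`; with the justification supplied the same finding is reported as MUTED.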
To remove external account sharing permissions from Amazon EBS snapshots, follow the steps outlined in the Sharing an Amazon EBS snapshot section of the Amazon EC2 User Guide. For guidance regarding onboarding AWS accounts to Datadog, follow the Datadog AWS integration documentation to onboard the account. Ensure that resource collection and Cloud Security are correctly configured.