<  Back to rules search

EBS volume snapshot is not publicly shared with other AWS accounts

ebs

Classification:

compliance

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Description

Secure Amazon Elastic Block Store (EBS) snapshots.

Rationale

Publicly shared Amazon EBS volume snapshots contain sensitive application data that can be seen, copied, and exploited.

Remediation

Console

Follow the EBS encryption docs to learn how to implement EBS encryption. Public snapshots, which are encrypted by default, are not supported

**Note**: You can share an encrypted snapshot with specific accounts.

CLI

  1. Run enable-ebs-encryption-by-default to enable encryption for your account in the current region.

  2. Run get-ebs-encryption-by-default to confirm encryption is enabled.

See the Set encryption defaults using the API and CLI docs for additional commands related to EBS encryption.