RDS snapshot is not publicly accessible

rds

Classification:

compliance

Description

Secure your Amazon Relational Database Service (RDS) database snapshots.

Rationale

Snapshots that are publicly available give other AWS accounts permission to copy a snapshot and create database instances from it, potentially exposing your private data.

Remediation

Console

Follow the AWS Console documentation for "Stop sharing a manual DB snapshot with an AWS account".

CLI

Run modify-db-snapshot-attribute with the snapshot identifier, attribute name, and values to remove. This removes permission from a particular AWS account to restore the DB snapshot.

modify-db-snapshot-attribute.sh

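    # Remove one AWS account's permission to restore the snapshot.
    # 111122223333 is a placeholder for the 12-digit account ID to remove.
    aws rds modify-db-snapshot-attribute \
        --db-snapshot-identifier yourdbsnapshot \
        --attribute-name restore \
        --values-to-remove 111122223333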
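
The following is an added example, not part of the original rule page: a Python helper that reads the JSON printed by `aws rds describe-db-snapshot-attributes`, checks whether the `restore` attribute contains the special value `all` (which marks a snapshot as public), and builds the matching `modify-db-snapshot-attribute` command. The sample JSON, the account ID and the `allowed_accounts` allowlist are constructed for illustration.

```python
import json
import shlex

# Constructed sample in the shape printed by
# `aws rds describe-db-snapshot-attributes --db-snapshot-identifier yourdbsnapshot`.
SAMPLE = json.dumps({
    "DBSnapshotAttributesResult": {
        "DBSnapshotIdentifier": "yourdbsnapshot",
        "DBSnapshotAttributes": [
            {"AttributeName": "restore",
             "AttributeValues": ["all", "111122223333"]},
        ],
    }
})


def restore_grants(describe_output):
    """Return (snapshot_id, values of the `restore` attribute)."""
    result = json.loads(describe_output)["DBSnapshotAttributesResult"]
    values = []
    for attr in result.get("DBSnapshotAttributes", []):
        if attr.get("AttributeName") == "restore":
            values.extend(attr.get("AttributeValues", []))
    return result["DBSnapshotIdentifier"], values


def is_public(values):
    """`all` in the restore attribute means any AWS account can restore."""
    return "all" in values


def remediation_command(describe_output, allowed_accounts=frozenset()):
    """Build the CLI call that removes `all` and every account that is not
    on the (assumed) allowlist. Returns None when nothing must be removed."""
    snapshot_id, values = restore_grants(describe_output)
    to_remove = [v for v in values if v == "all" or v not in allowed_accounts]
    if not to_remove:
        return None
    argv = ["aws", "rds", "modify-db-snapshot-attribute",
            "--db-snapshot-identifier", snapshot_id,
            "--attribute-name", "restore",
            "--values-to-remove", *to_remove]
    return shlex.join(argv)  # shell-quoted so identifiers cannot inject


if __name__ == "__main__":
    print(remediation_command(SAMPLE, {"111122223333"}))
```

Review the printed command before running it, and re-run `describe-db-snapshot-attributes` afterwards to confirm `all` is gone.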