EBS volume snapshot should not be publicly shared

문서 > Datadog 보안 > OOTB Rules > EBS volume snapshot should not be publicly shared

이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Description

Secure Amazon Elastic Block Store (EBS) snapshots.

Rationale

Publicly shared Amazon EBS volume snapshots contain sensitive application data that can be seen, copied, and exploited.

Remediation

From the console

Follow the AWS Share a snapshot documentation to learn how to modify snapshot sharing for both the console and the command line.

From the command line

Enter the following command with your snapshot ID to remove global sharing.

 aws ec2 modify-snapshot-attribute \
    --snapshot-id 1234567890abcdef0 \
    --attribute createVolumePermission \
    --operation-type remove \
    --group-names all

Run the follow command with your snapshot ID to share a snapshot with a specific user ID.

 aws ec2 modify-snapshot-attribute \
     --snapshot-id 1234567890abcdef0 \ 
     --attribute createVolumePermission \
     --operation-type add \
     --user-ids 123456789012