RDS instance snapshots should not be publicly shared

문서 > Datadog 보안 > OOTB Rules > RDS instance snapshots should not be publicly shared

이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Description

Secure your Amazon Relational Database Service (RDS) database snapshots by ensuring they are not publicly accessible.

Rationale

RDS Snapshots can be marked as public, allowing anyone the ability to copy the snapshot to their AWS account and create database instances from it. Unless a snapshot is being shared intentionally, it should be deleted.

Remediation

From the console

Follow the Stop sharing a manual DB snapshot with an AWS account AWS Console docs.

From the command line

Run modify-db-snapshot-attribute with the snapshot identifier, attribute name, and values to remove. This removes permission from a particular AWS account to restore the DB snapshot.

aws rds modify-db-snapshot-attribute \
    --db-snapshot-identifier yourdbsnapshot \
    --attribute-name restore \
    --values-to-remove "all"