Ensure public access is disabled for Amazon Relational Database Service (Amazon RDS) database snapshots

MEDIUM

Description

Allowing unrestricted public access to cloud services could expose an application to external attack. Disallowing such access is generally considered best practice.

Remediation

In AWS Console -

  1. Sign in to the AWS Console and open the Amazon RDS console.
  2. Select Snapshots in the navigation pane.
  3. Click the Public tab to view the public snapshots.

In Terraform -

  1. In the aws_db_snapshot resource, set snapshot_type to a value other than public or shared. Available options are automated, manual, and awsbackup.
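The following script is an added example, not part of this policy page or of Terraform; it does through the RDS API what the console's Public tab shows visually. It assumes a boto3 RDS client and relies on the fact that a public snapshot has the literal value "all" in its "restore" attribute (returned by DescribeDBSnapshotAttributes); the snapshot identifier and account id in the sample response are constructed.

```python
"""Added check: flag RDS DB snapshots whose 'restore' attribute contains 'all'."""
from typing import Any, Dict, List

PUBLIC_MARKER = "all"  # RDS marks a public snapshot by putting "all" in its restore attribute

def snapshot_sharing(attr_result: Dict[str, Any]) -> Dict[str, Any]:
    """Summarise one DescribeDBSnapshotAttributes response: id, public flag,
    and the explicit account ids the snapshot is shared with."""
    result = attr_result["DBSnapshotAttributesResult"]
    restore_values: List[str] = []
    for attr in result.get("DBSnapshotAttributes", []):
        if attr.get("AttributeName") == "restore":
            restore_values.extend(attr.get("AttributeValues", []))
    return {
        "id": result["DBSnapshotIdentifier"],
        "public": PUBLIC_MARKER in restore_values,
        "shared_with": sorted(v for v in restore_values if v != PUBLIC_MARKER),
    }

def find_public_snapshots(rds_client) -> List[str]:
    """Return ids of this account's manual snapshots that are public (live API calls)."""
    public: List[str] = []
    for page in rds_client.get_paginator("describe_db_snapshots").paginate(SnapshotType="manual"):
        for snap in page.get("DBSnapshots", []):
            attrs = rds_client.describe_db_snapshot_attributes(
                DBSnapshotIdentifier=snap["DBSnapshotIdentifier"])
            if snapshot_sharing(attrs)["public"]:
                public.append(snap["DBSnapshotIdentifier"])
    return public

def make_private(rds_client, snapshot_id: str) -> None:
    """Remove the public marker only; explicit per-account shares are left untouched."""
    rds_client.modify_db_snapshot_attribute(
        DBSnapshotIdentifier=snapshot_id, AttributeName="restore", ValuesToRemove=[PUBLIC_MARKER])

# Constructed sample response in the shape returned by DescribeDBSnapshotAttributes
SAMPLE_PUBLIC = {"DBSnapshotAttributesResult": {
    "DBSnapshotIdentifier": "prod-db-final-snapshot",  # constructed identifier
    "DBSnapshotAttributes": [{"AttributeName": "restore",
                              "AttributeValues": ["all", "123456789012"]}]}}

if __name__ == "__main__":
    import boto3  # only needed for the live check against a real account
    client = boto3.client("rds")
    for snap_id in find_public_snapshots(client):
        print(f"PUBLIC snapshot: {snap_id}")  # call make_private(client, snap_id) to remediate
```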

References:
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_snapshot

Policy Details

Rule Reference ID: AC_AWS_0437
CSP: AWS
Remediation Available: Yes
Resource: aws_db_snapshot
Resource Category: Database
Resource Type: DB Instance

Frameworks