AWS-RDS-Snapshots-Cluster-Public
Severity: Critical
Description: This control checks that a DB cluster snapshot is not publicly visible. Setting "DB snapshot visibility" to Public shares the snapshot with every AWS account: any AWS account can copy it and restore a database from the copy, which compromises the confidentiality of the data stored in the database. Only manual snapshots can be shared, so these are the ones to audit. DB snapshot visibility should be Private; where the snapshot must be shared, share it with specific trusted AWS account IDs instead of making it public.
Remediation Steps:
Perform the following steps to make the snapshot private:
Sign in to the AWS Management Console at https://console.aws.amazon.com with an IAM identity that has permission to modify RDS snapshot attributes (the root user should not be used for routine administration).
Navigate to the RDS console.
In the navigation pane, click Snapshots.
Click the snapshot name to open its properties.
Click Actions, then select Share snapshot.
Set DB snapshot visibility to Private.
To share the snapshot with specific trusted AWS accounts, add each AWS account ID.
Click Save.
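The same audit and fix, done programmatically, as an added example that is not part of the original control text and not Blue Hexagon's code. It assumes the boto3 RDS client API (describe_db_cluster_snapshots, describe_db_cluster_snapshot_attributes and modify_db_cluster_snapshot_attribute); AWS represents "public" as the value "all" in a snapshot's "restore" attribute, so removing that value is the API equivalent of setting visibility to Private. The snapshot identifiers and account IDs in the sample responses are constructed, and the allowed-accounts set is a hypothetical allowlist of trusted accounts.

```python
"""Audit RDS DB cluster snapshots for public sharing and make them private.

Added example, not code from the original control or from Blue Hexagon.
Assumes the boto3 RDS client API. AWS represents "public" as the value
"all" in the snapshot's "restore" attribute. Identifiers and account IDs
in the samples below are constructed.
"""
from typing import Dict, FrozenSet, List, Optional

PUBLIC = "all"  # AWS sentinel meaning "shared with every AWS account"


def shared_with(attrs_result: Dict) -> List[str]:
    """Return the 'restore' attribute values: account IDs and/or "all".

    `attrs_result` is the DBClusterSnapshotAttributesResult dict returned by
    describe_db_cluster_snapshot_attributes().
    """
    for attr in attrs_result.get("DBClusterSnapshotAttributes", []):
        if attr.get("AttributeName") == "restore":
            return list(attr.get("AttributeValues", []))
    return []


def is_public(attrs_result: Dict) -> bool:
    """True when the snapshot is visible to all AWS accounts."""
    return PUBLIC in shared_with(attrs_result)


def make_private_params(snapshot_id: str, attrs_result: Dict,
                        allowed_accounts: FrozenSet[str] = frozenset()) -> Optional[Dict]:
    """Build kwargs for modify_db_cluster_snapshot_attribute() that remove
    public visibility and any share to an account not in `allowed_accounts`.

    Returns None when the snapshot is already compliant (nothing to remove).
    """
    to_remove = [v for v in shared_with(attrs_result)
                 if v == PUBLIC or v not in allowed_accounts]
    if not to_remove:
        return None
    return {
        "DBClusterSnapshotIdentifier": snapshot_id,
        "AttributeName": "restore",
        "ValuesToRemove": to_remove,
    }


def audit_and_fix(rds, allowed_accounts: FrozenSet[str] = frozenset(),
                  dry_run: bool = True) -> List[Dict]:
    """Walk every manual cluster snapshot in the region and fix the public ones.

    Only manual snapshots can be shared, so automated ones are not requested.
    Returns the modify parameters that were (or, in dry-run mode, would be) applied.
    """
    applied = []
    paginator = rds.get_paginator("describe_db_cluster_snapshots")
    for page in paginator.paginate(SnapshotType="manual"):
        for snap in page["DBClusterSnapshots"]:
            snap_id = snap["DBClusterSnapshotIdentifier"]
            attrs = rds.describe_db_cluster_snapshot_attributes(
                DBClusterSnapshotIdentifier=snap_id
            )["DBClusterSnapshotAttributesResult"]
            params = make_private_params(snap_id, attrs, allowed_accounts)
            if params is None:
                continue  # already private and only shared with allowed accounts
            applied.append(params)
            if not dry_run:
                rds.modify_db_cluster_snapshot_attribute(**params)
    return applied


# Constructed sample responses in the shape of DBClusterSnapshotAttributesResult.
SAMPLE_PUBLIC = {
    "DBClusterSnapshotIdentifier": "aurora-prod-manual-1",
    "DBClusterSnapshotAttributes": [
        {"AttributeName": "restore", "AttributeValues": ["all", "111111111111"]}
    ],
}
SAMPLE_PRIVATE = {
    "DBClusterSnapshotIdentifier": "aurora-prod-manual-2",
    "DBClusterSnapshotAttributes": [
        {"AttributeName": "restore", "AttributeValues": []}
    ],
}

if __name__ == "__main__":
    import boto3  # only needed for a live run against an AWS account

    rds = boto3.client("rds")
    trusted = frozenset({"111111111111"})  # hypothetical allowlist
    for params in audit_and_fix(rds, allowed_accounts=trusted, dry_run=True):
        print("would call modify_db_cluster_snapshot_attribute with", params)
```

Run it with dry_run=True first to see which snapshots would change; `ValuesToRemove` lists "all" plus any account outside the allowlist, so the call both removes public visibility and prunes shares to untrusted accounts in one step. For DB instance (non-Aurora) snapshots the same logic applies with describe_db_snapshot_attributes and modify_db_snapshot_attribute, whose result key is DBSnapshotAttributesResult.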
Important:
If there is a business need to expose the database instance over public networks, restrict its security group rules so that inbound traffic is allowed only from trusted public IP addresses.
Reference:
Blue Hexagon Proprietary