AWS-EC2-Amazon-EBS-Public-Snapshots

Severity: Critical

Description: This control ensures that AWS Elastic Block Store volume snapshots are not public. EBS volumes behave like raw, unformatted block devices. You can mount these volumes as devices on your instances. EBS volume snapshots can be made private through snapshot permissions.

Remediation Steps:

Perform the following steps to update the permissions of an EBS snapshot:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com as the root user.

  2. Navigate to EC2 console.

  3. In the navigation pane, choose Snapshots.

  4. Select the snapshot and then choose Actions, Modify Permissions.

  5. Choose the Private radio button.

  6. Choose Save.

Important:

  • Public snapshots of encrypted volumes are not supported, but you can share an encrypted snapshot with specific accounts.
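The console steps above can also be scripted. This is an added example, not part of the original control: it finds snapshots whose `createVolumePermission` includes the `all` group and removes only that grant, leaving shares with specific accounts in place. The snapshot IDs, account ID and the `FakeEC2` stand-in are constructed so the code runs offline; a live run assumes boto3 and suitable EC2 permissions.

```python
ATTR = "createVolumePermission"

def is_public(permissions):
    """True if the permission list grants create-volume access to the 'all' group."""
    return any(p.get("Group") == "all" for p in permissions)

def audit_snapshots(ec2):
    """Return IDs of snapshots owned by this account that anyone can restore."""
    public = []
    for page in ec2.get_paginator("describe_snapshots").paginate(OwnerIds=["self"]):
        for snap in page["Snapshots"]:
            sid = snap["SnapshotId"]
            attr = ec2.describe_snapshot_attribute(SnapshotId=sid, Attribute=ATTR)
            if is_public(attr.get("CreateVolumePermissions", [])):
                public.append(sid)
    return public

def make_private(ec2, snapshot_id):
    """Remove only the public grant (shares with specific accounts stay), then re-check."""
    ec2.modify_snapshot_attribute(SnapshotId=snapshot_id, Attribute=ATTR,
                                  OperationType="remove", GroupNames=["all"])
    attr = ec2.describe_snapshot_attribute(SnapshotId=snapshot_id, Attribute=ATTR)
    return not is_public(attr.get("CreateVolumePermissions", []))

class FakeEC2:
    """Constructed in-memory stand-in for boto3.client("ec2"), so this runs offline."""
    def __init__(self, perms):
        self.perms = perms  # {snapshot_id: [permission dicts]}
    def get_paginator(self, _operation):
        return self
    def paginate(self, **_filters):
        yield {"Snapshots": [{"SnapshotId": sid} for sid in self.perms]}
    def describe_snapshot_attribute(self, SnapshotId, Attribute):
        return {"SnapshotId": SnapshotId, "CreateVolumePermissions": self.perms[SnapshotId]}
    def modify_snapshot_attribute(self, SnapshotId, Attribute, OperationType, GroupNames):
        if OperationType == "remove":
            self.perms[SnapshotId] = [p for p in self.perms[SnapshotId]
                                      if p.get("Group") not in GroupNames]

def sample_client():
    """Constructed sample: one public snapshot, one shared with an account, one private."""
    return FakeEC2({"snap-0aaaaaaaaaaaaaaaa": [{"Group": "all"}, {"UserId": "111122223333"}],
                    "snap-0bbbbbbbbbbbbbbbb": [{"UserId": "111122223333"}],
                    "snap-0cccccccccccccccc": []})

if __name__ == "__main__":
    ec2 = sample_client()  # live run: import boto3; ec2 = boto3.client("ec2")
    for sid in audit_snapshots(ec2):
        print(sid, "now private:", make_private(ec2, sid))
```
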

Reference:

Blue Hexagon Proprietary