Contents x
      RDS database instance snapshot is not publicly shared
      • 25 Aug 2023
      • 1 Minute to read
      • Dark
        Light
      Contents

      RDS database instance snapshot is not publicly shared

      • Updated on 25 Aug 2023
      • 1 Minute to read
      • Dark
        Light
      Article summary

      Description

      Secure your Amazon Relational Database Service (RDS) database snapshots by ensuring they are not publicly accessible.

      Rationale

      RDS Snapshots can be marked as public, allowing anyone the ability to copy the snapshot to their AWS account and create database instances from it. Unless a snapshot is being shared intentionally, it should be deleted.

      Remediation

      From the console

      Follow the Stop sharing a manual DB snapshot with an AWS account AWS Console docs.

      From the command line

      Run modify-db-snapshot-attribute with the snapshot identifier, attribute name, and values to remove. This removes permission from a particular AWS account to restore the DB snapshot.

      aws rds modify-db-snapshot-attribute \
    --db-snapshot-identifier yourdbsnapshot \
    --attribute-name restore \
    --values-to-remove "all"
      What's Next