This plugin ensures Elastic Block Store volume snapshots are private by scanning the findings of AWS Trusted Advisor
Risk Level: High
Description
This plugin ensures Elastic Block Store volume snapshots are private by scanning the findings of AWS Trusted Advisor. Setting EBS snapshots permission to the public can expose the sensitive data present in the EBS volume of EC2 instances. It is highly recommended to set its permission to private.
About the Service
Amazon EC2: Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) Cloud. With the EC2 instance, you can launch as many virtual servers as you need, configure security and networking, and manage storage without worrying about the hardware needs of the process. Security Groups act as a firewall for an EC2 instance to control the incoming and outgoing traffic. You can read more about security groups here.
Impact
EBS snapshots can contain critical information of the running EC2 instances. Exposing them to the public can allow anyone over the Internet to access the data which is a serious security threat.
Steps to Reproduce
Using AWS EC2 Console-
- Log In to your AWS Console.
- Open the EC2 Management Console. You can use this link (https://console.aws.amazon.com/ec2) to navigate directly if already logged in.
- Move to the Snapshots in the Elastic Block Store section from the left navigation pane.
- You will find a list of Snapshots available. Select the one you wish to examine by clicking on the checkbox next to it.
- Move to the Permissions tab. If it says “This snapshot is currently Public”, the vulnerability exists.
- Repeat steps 4 to 5 for all the Snapshots you want to investigate.
Using AWS Trusted Advisor Console-
- Log in to your AWS Console.
- Open the Trusted Advisor Console. You can use this link (https://console.aws.amazon.com/trustedadvisor) to navigate directly if already logged in.
- Under the Recommended Action section find if there are any findings related to Public EBS snapshots.
- Mark the resources identified by the AWS Trusted advisor. These are the vulnerable EBS snapshots.
Steps for Remediation
Ensure that each Elastic Block Store snapshot has its permissions set to private:
- Log In to your AWS Console.
- Open the EC2 Management Console. You can use this link (https://console.aws.amazon.com/ec2) to navigate directly if already logged in.
- Move to the Snapshots in the Elastic Block Store section from the left navigation pane.
- You will find a list of Snapshots available. Select the vulnerable snapshot by clicking on the checkbox next to it.
- Move to the Permissions tab and click on the Edit button.
- Modify the Permissions to Private and click on Save after doing the changes. You can also add the Account Number of other AWS accounts you wish to share the snapshot with.
- Repeat steps 4 to 6 for all the vulnerable Snapshots.