Data at risk

EBS snapshot is shared with unknown AWS accounts

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

Amazon EBS (Elastic Block Storage) provides a block-level storage service designed to be used with EC2 instances. An EBS snapshot is a point-in-time copy of the data stored in an EBS volume. It was detected that the EBS snapshot {AwsEc2EbsSnapshot} is shared with AWS accounts that are not in your organization. The AWS accounts are: [{AwsEc2EbsSnapshot.UnknownPermittedCloudAccounts}]. These accounts have the ability to copy the EBS snapshot and even create a volume from it. The volume can then be attached to an EC2 instance, from which the data stored in the EBS volume can be accessed.
  • Recommended Mitigation

    It is recommended to ensure the EBS snapshot is shared only with trusted AWS accounts in order to prevent unauthorized users from copying and accessing the data stored in the snapshot. To edit the snapshot permissions, follow the instructions at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html#share-unencrypted-snapshot
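The check behind this finding, written as an added example rather than the scanning product's own code: it evaluates the createVolumePermission attribute of a snapshot (the shape returned by EC2 DescribeSnapshotAttribute) against the set of account IDs in your organization, and also flags the "all" group (a public snapshot), which goes slightly beyond the finding above. The snapshot ID, account IDs and organization list are constructed placeholders; in practice the attribute comes from a describe_snapshot_attribute call and the organization list from Organizations.

```python
"""Flag EBS snapshots whose createVolumePermission grants reach outside the organization."""
from typing import Iterable, List, Optional

# Constructed sample in the shape EC2 DescribeSnapshotAttribute returns for
# Attribute=createVolumePermission. IDs are made up for this example.
SAMPLE_ATTRIBUTE = {
    "SnapshotId": "snap-0123456789abcdef0",
    "CreateVolumePermissions": [
        {"UserId": "111111111111"},  # account inside our organization
        {"UserId": "222222222222"},  # unknown account (the condition this finding reports)
    ],
}

# Constructed organization membership; normally built from Organizations ListAccounts.
ORG_ACCOUNTS = {"111111111111", "333333333333"}


def unknown_permitted_accounts(attribute: dict, org_accounts: Iterable[str]) -> List[str]:
    """Return account IDs granted createVolumePermission that are not in org_accounts."""
    known = set(org_accounts)
    return sorted(
        perm["UserId"]
        for perm in attribute.get("CreateVolumePermissions", [])
        if "UserId" in perm and perm["UserId"] not in known
    )


def is_public(attribute: dict) -> bool:
    """True when the snapshot is shared with the 'all' group, i.e. every AWS account."""
    return any(perm.get("Group") == "all" for perm in attribute.get("CreateVolumePermissions", []))


def remediation_request(attribute: dict, org_accounts: Iterable[str]) -> Optional[dict]:
    """Build ModifySnapshotAttribute parameters that revoke the grants outside the org.

    The dict matches boto3's ec2.modify_snapshot_attribute(**params) keyword form.
    Returns None when there is nothing to revoke.
    """
    remove = [{"UserId": acct} for acct in unknown_permitted_accounts(attribute, org_accounts)]
    if is_public(attribute):
        remove.append({"Group": "all"})
    if not remove:
        return None
    return {
        "SnapshotId": attribute["SnapshotId"],
        "Attribute": "createVolumePermission",
        "CreateVolumePermission": {"Remove": remove},
    }
```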