QLDB Ledger using allow all permissions mode

Data protection

QLDB Ledger using allow all permissions mode

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

HITRUST
Orca Best Practices

Description

QLDB Ledgers are typically used to record sensitive information of an organization. By using permissions mode you can control the access to your QLDB Ledger. The ""Allow all"" permissions allows any user with command access on the ledger to manage all of its tables, indexes, and data. It was detected that the QLDB Ledger {AwsQldbLedger} is using ""Allow all"" permissions mode.

Recommended Mitigation

The ""Allow all"" is a legacy permissions mode that isn't recommended for new ledgers. The recommended permissions mode for new ledgers is ""Standard"", it enables you to control access to the ledger and its individual tables by using AWS IAM. For more information on how to change the permissions mode, see: https://docs.aws.amazon.com/qldb/latest/developerguide/ledger-management.basics.html#ledger-management.basics.update-permissions

QLDB Ledger using allow all permissions mode

Description

Need help?