RDS database cluster snapshot is publicly accessible

Data at risk

RDS database cluster snapshot is publicly accessible

Risk Level

Hazardous (3)

Platform(s)

Compliance Frameworks

CCM-CSA
cis_8
CSA CCM
GDPR
HITRUST
ISO 27701
New Zealand Information Security Manual
NIST 800-53
Orca Best Practices

Description

RDS database cluster snapshots are backups for RDS clusters and can be used to restore a cluster. RDS database cluster snapshot '{AwsRdsDbClusterSnapshot}' is publicly accessible. A public cluster snapshot allows all AWS accounts to copy the snapshot or restore a cluster from it. This means the data in it is exposed to all AWS accounts

Recommended Mitigation

We recommend not to share cluster snapshots publicly in order to protect your information. If a snapshot needs to be shared it should be shared privately with a trusted account. For more information about cluster snapshot sharing: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_ShareSnapshot.html

RDS database cluster snapshot is publicly accessible

Description

Need help?