AWS RDS snapshots are accessible to public
Description
This policy checks that database snapshots are not publicly accessible. Database snapshots are backups of your database that allow you to restore data from a particular point in time. Making these snapshots public can expose sensitive information, compromising the integrity and security of the data stored in your database. Keep these snapshots private to prevent unauthorized access and potential misuse of your data.
Code Example
```hcl
resource "aws_db_snapshot" "fail" {
  db_instance_identifier = aws_db_instance.bar.id
  db_snapshot_identifier = "testsnapshot1234"
- shared_accounts=["all"]
}
```

Remediation
Terraform
- Resource: aws_db_snapshot
- Arguments: shared_accounts
To fix this issue, you need to ensure that `shared_accounts` is not set to `all`.
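The same condition can be checked against a Terraform plan before apply. The following is an added example, not Checkov's implementation of CKV_AWS_302: the function name, the verdict strings, the sample plan and the account ID `111122223333` are constructed for illustration, and the plan is assumed to be in the `terraform show -json` format.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output,
# trimmed to the fields this check reads.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "aws_db_snapshot.fail", "type": "aws_db_snapshot",
     "change": {"actions": ["create"],
                "after": {"db_snapshot_identifier": "testsnapshot1234",
                          "shared_accounts": ["all"]},
                "after_unknown": {}}},
    {"address": "aws_db_snapshot.pass", "type": "aws_db_snapshot",
     "change": {"actions": ["create"],
                "after": {"db_snapshot_identifier": "testsnapshot5678",
                          "shared_accounts": ["111122223333"]},
                "after_unknown": {}}},
    {"address": "module.db.aws_db_snapshot.computed", "type": "aws_db_snapshot",
     "change": {"actions": ["update"],
                "after": {"db_snapshot_identifier": "testsnapshot9012"},
                "after_unknown": {"shared_accounts": true}}},
    {"address": "aws_db_snapshot.old", "type": "aws_db_snapshot",
     "change": {"actions": ["delete"], "after": null, "after_unknown": {}}}
  ]
}
""")

def check_snapshots(plan):
    """Return {address: "FAIL" | "PASS" | "UNKNOWN"} for planned aws_db_snapshot resources."""
    results = {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_db_snapshot":
            continue
        change = rc.get("change", {})
        after = change.get("after")
        if after is None:  # resource is being destroyed, nothing left to expose
            continue
        if (change.get("after_unknown") or {}).get("shared_accounts"):
            # Value is only known at apply time; surface it for manual review.
            results[rc["address"]] = "UNKNOWN"
            continue
        shared = after.get("shared_accounts") or []  # unset or null means private
        results[rc["address"]] = "FAIL" if "all" in shared else "PASS"
    return results

if __name__ == "__main__":
    for address, verdict in check_snapshots(SAMPLE_PLAN).items():
        print(f"{verdict:8}{address}")
```

An `UNKNOWN` verdict means `shared_accounts` is computed from another resource or variable, so the plan alone cannot show whether the snapshot ends up public.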
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0349 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AWS_302 |