v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/aws_compliance
Overview
32Dashboards
1295Controls
585Queries
4Variables
GitHub

Control: 2.2.2 Ensure public access to EBS Snapshots is disabled

Description

To protect your data disable the public mode of EBS snapshots.

This protects your data so that it is not accessible to all AWS accounts preventing accidental access and leaks.

Remediation

Perform the following to set a snapshot to private:

From Console:

  1. Login to the EC2 console at https://console.aws.amazon.com/ec2/.
  2. In the left pane click Snapshots.
  3. Select the snapshot then click 'Actions, Modify Permissions`.
  4. Click the radio button for Private.
  5. Click Save.
  6. Repeat for any additional Snapshots, Regions and AWS accounts.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.cis_compute_service_v100_2_2_2

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.cis_compute_service_v100_2_2_2 --share

SQL

This control uses a named query:

ebs_snapshot_not_publicly_restorable

Tags

category = Compliance
cis = true
cis_item_id = 2.2.2
cis_level = 1
cis_section_id = 2.2
cis_type = manual
cis_version = v1.0.0
plugin = aws
service = AWS/EBS