RDS instance snapshots should not be publicly shared
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
Description
Secure your Amazon Relational Database Service (RDS) database snapshots by ensuring they are not publicly accessible.
Rationale
RDS Snapshots can be marked as public, allowing anyone the ability to copy the snapshot to their AWS account and create database instances from it. Unless a snapshot is being shared intentionally, it should be deleted.
From the console
Follow the Stop sharing a manual DB snapshot with an AWS account AWS Console docs.
From the command line
Run modify-db-snapshot-attribute with the snapshot identifier, attribute name, and values to remove. This removes permission from a particular AWS account to restore the DB snapshot.
aws rds modify-db-snapshot-attribute \
--db-snapshot-identifier yourdbsnapshot \
--attribute-name restore \
--values-to-remove "all"
