Ensure that your AWS Relational Database Service (RDS) database snapshots are not publicly accessible (i.e. shared with all AWS accounts and users) in order to avoid exposing your private data.
When you publicly share an AWS RDS database snapshot, you give other AWS accounts permission to both copy the snapshot and create database instances from it. Cloud Conformity strongly recommends against sharing your database snapshots with all AWS accounts. If required, you can share your RDS snapshots with a particular (friendly) AWS account without making them public.
To identify any publicly accessible RDS database snapshots within your AWS account, perform the following:
Case A: To completely restrict public access to your RDS database snapshots and make them private (i.e. only accessible from the current AWS account), perform the following:
Case B: To restrict public access to your RDS database snapshots and share them only with specific AWS accounts, perform the following:
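One way to script the audit and both remediation cases, as an added example that is not Cloud Conformity's own procedure or code: a snapshot is public when its `restore` attribute contains the value `all`. The function names, snapshot names and account IDs are hypothetical, the live `audit` function assumes boto3 with RDS permissions, and Case A here removes every share rather than only `all`.

```python
import re
# Constructed sample: results shaped like DBSnapshotAttributesResult from
# describe_db_snapshot_attributes (snapshot names and account IDs are made up).
def _result(name, values):
    return {"DBSnapshotIdentifier": name, "DBSnapshotAttributes": [
        {"AttributeName": "restore", "AttributeValues": values}]}

SAMPLE = [_result("orders-snap-1", ["all"]),
          _result("orders-snap-2", ["111122223333", "444455556666"]),
          _result("orders-snap-3", [])]

def restore_values(result):
    """Values of the 'restore' attribute: 'all' (public) and/or account IDs."""
    return [v for a in result.get("DBSnapshotAttributes", [])
            if a.get("AttributeName") == "restore"
            for v in a.get("AttributeValues", [])]

def plan_fix(result, trusted=()):
    """Arguments for modify_db_snapshot_attribute, or None if already compliant.
    trusted=() is Case A (private); a list of account IDs is Case B."""
    if any(not re.fullmatch(r"\d{12}", t) for t in trusted):
        raise ValueError("trusted entries must be 12-digit AWS account IDs")
    current = restore_values(result)
    remove = sorted(v for v in set(current) if v not in trusted)
    if not remove:
        return None
    plan = {"DBSnapshotIdentifier": result["DBSnapshotIdentifier"],
            "AttributeName": "restore", "ValuesToRemove": remove}
    # A public share is replaced by named shares; private snapshots stay private.
    add = sorted(t for t in set(trusted) if t not in current)
    if "all" in current and add:
        plan["ValuesToAdd"] = add
    return plan

def audit(region, trusted=(), apply=False):
    """Live run (needs boto3 and credentials). Only manual snapshots can be shared."""
    import boto3
    rds = boto3.client("rds", region_name=region)
    plans = []
    pager = rds.get_paginator("describe_db_snapshots")
    for page in pager.paginate(SnapshotType="manual"):
        for snap in page["DBSnapshots"]:
            result = rds.describe_db_snapshot_attributes(
                DBSnapshotIdentifier=snap["DBSnapshotIdentifier"]
            )["DBSnapshotAttributesResult"]
            plan = plan_fix(result, trusted)
            if plan and apply:
                rds.modify_db_snapshot_attribute(**plan)
            plans += [plan] if plan else []
    return plans
```

Calling `audit(region)` with `apply=False` only reports the planned changes, so the output can be reviewed before anything is modified.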