Ensure that your AWS Relational Database Service (RDS) database snapshots are not publicly accessible (i.e. shared with all AWS accounts and users) in order to avoid exposing your private data.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
When you publicly share an AWS RDS database snapshot, you give every other AWS account permission to both copy the snapshot and create database instances from it. Cloud Conformity strongly recommends against sharing your database snapshots with all AWS accounts. If required, you can share your RDS snapshots with a particular (friendly) AWS account without making them public.
To identify any publicly accessible RDS database snapshots within your AWS account, perform the following:
Case A: To completely remove public access from your RDS database snapshots and make them private (i.e. only accessible from the current AWS account), perform the following:
Case B: To remove public access from your RDS database snapshots and share them only with specific AWS accounts, perform the following:
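The following is an added example, not part of the original page or of Cloud Conformity's tooling. It covers the audit check and both cases above: it reads the JSON returned by `aws rds describe-db-snapshot-attributes`, treats the `restore` attribute value `all` as public, and builds the matching `aws rds modify-db-snapshot-attribute` commands. The snapshot name, account IDs and helper names are constructed for illustration.

```python
import json
import re

# Constructed sample in the shape returned by
# `aws rds describe-db-snapshot-attributes --db-snapshot-identifier <id>`.
SAMPLE = json.loads("""
{"DBSnapshotAttributesResult": {
  "DBSnapshotIdentifier": "example-snapshot",
  "DBSnapshotAttributes": [
    {"AttributeName": "restore", "AttributeValues": ["all", "111122223333"]}
  ]}}
""")

def restore_grants(response):
    """Return (snapshot_id, is_public, shared_account_ids)."""
    result = response["DBSnapshotAttributesResult"]
    values = []
    for attr in result.get("DBSnapshotAttributes", []):
        if attr.get("AttributeName") == "restore":
            values.extend(attr.get("AttributeValues", []))
    # The special value "all" means any AWS account may copy or restore it.
    is_public = "all" in values
    return result["DBSnapshotIdentifier"], is_public, sorted(v for v in values if v != "all")

def remediation_commands(response, keep_accounts=()):
    """Build AWS CLI argument lists.

    Case A: keep_accounts empty, every grant is removed (snapshot private).
    Case B: keep_accounts lists the only accounts that may retain access.
    """
    for acct in keep_accounts:
        # Reject "all" or malformed IDs so a typo cannot re-publish the snapshot.
        if not re.fullmatch(r"\d{12}", acct):
            raise ValueError(f"not a 12-digit AWS account ID: {acct!r}")
    snap_id, is_public, accounts = restore_grants(response)
    base = ["aws", "rds", "modify-db-snapshot-attribute",
            "--db-snapshot-identifier", snap_id, "--attribute-name", "restore"]
    to_remove = (["all"] if is_public else []) + [a for a in accounts if a not in keep_accounts]
    to_add = [a for a in keep_accounts if a not in accounts]
    cmds = []
    if to_remove:
        cmds.append(base + ["--values-to-remove"] + to_remove)
    if to_add:
        cmds.append(base + ["--values-to-add"] + to_add)
    return cmds

if __name__ == "__main__":
    print(restore_grants(SAMPLE))
    for cmd in remediation_commands(SAMPLE, keep_accounts=["444455556666"]):
        print(" ".join(cmd))
```

Run the generated commands only after reviewing them, and re-run the describe call afterwards to confirm that `all` no longer appears in the `restore` attribute.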