AWS Config Rule: DocumentDB Cluster Snapshot Public Prohibited

DOCDB_CLUSTER_SNAPSHOT_PUBLIC_PROHIBITED

Eduardo Van Cauteren

Last Update 3 months ago

Description: Checks if Amazon DocumentDB manual cluster snapshots are public. The rule is NON_COMPLIANT if any Amazon DocumentDB manual cluster snapshots are public.


Trigger type: Configuration changes


AWS Region: Only available in Asia Pacific (Mumbai), Europe (Paris), US East (Ohio), Europe (Ireland), Europe (Frankfurt), South America (Sao Paulo), US East (N. Virginia), Asia Pacific (Seoul), Europe (London), Europe (Milan), Asia Pacific (Tokyo), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Sydney), Canada (Central) Region


How to Resolve Manually

This config rule checks whether a manual DocumentDB cluster snapshot is publicly shared. The rule evaluates as NON_COMPLIANT if a public snapshot is found. Notice that this rule only evaluates snapshots from unencrypted clusters, since these are the only ones that can be made public.


To resolve this, go to the Amazon DocumentDB service within the AWS Console and select Snapshots from the left-hand side menu.

Look for the non-compliant snapshot and click on the radio button next to the name to select it. Click on the Actions menu and click on Share. Ensure that Private snapshot sharing is selected and click on the Save button. Check the following screenshot for further reference:
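The same check and fix as a script, added here as an example that is not StackZone's or AWS's own code: is_public and evaluate apply the rule's logic (manual snapshots of unencrypted clusters whose restore attribute includes the value all) to constructed responses shaped like the DocumentDB DescribeDBClusterSnapshots and DescribeDBClusterSnapshotAttributes APIs, and make_private performs the console's Private snapshot sharing step through a boto3 docdb client supplied by the caller. The client, the snapshot identifiers and the account ID in the sample data are assumptions.

```python
"""Check and fix public Amazon DocumentDB manual cluster snapshots.

A snapshot is public when its 'restore' attribute contains 'all'; removing
that value is the SDK equivalent of choosing 'Private snapshot sharing'.
"""

def is_public(attributes_result):
    """True if the 'restore' attribute lists 'all' (shared with every AWS account)."""
    for attr in attributes_result.get("DBClusterSnapshotAttributes", []):
        if attr.get("AttributeName") == "restore" and "all" in attr.get("AttributeValues", []):
            return True
    return False

def evaluate(snapshots, attributes_by_id):
    """Map each in-scope snapshot id to COMPLIANT / NON_COMPLIANT.
    Only manual snapshots of unencrypted clusters are in scope, as the rule states."""
    results = {}
    for snap in snapshots:
        if snap.get("SnapshotType") != "manual" or snap.get("StorageEncrypted"):
            continue
        sid = snap["DBClusterSnapshotIdentifier"]
        results[sid] = "NON_COMPLIANT" if is_public(attributes_by_id.get(sid, {})) else "COMPLIANT"
    return results

def make_private(client, snapshot_id):
    """Remediate: drop 'all' from the restore attribute (client is an assumed boto3 docdb client)."""
    return client.modify_db_cluster_snapshot_attribute(
        DBClusterSnapshotIdentifier=snapshot_id,
        AttributeName="restore",
        ValuesToRemove=["all"],
    )

# Constructed sample responses in the shape of DescribeDBClusterSnapshots and
# DescribeDBClusterSnapshotAttributes; not taken from a real account.
SAMPLE_SNAPSHOTS = [
    {"DBClusterSnapshotIdentifier": "docdb-public-snap", "SnapshotType": "manual", "StorageEncrypted": False},
    {"DBClusterSnapshotIdentifier": "docdb-private-snap", "SnapshotType": "manual", "StorageEncrypted": False},
    {"DBClusterSnapshotIdentifier": "docdb-encrypted-snap", "SnapshotType": "manual", "StorageEncrypted": True},
    {"DBClusterSnapshotIdentifier": "rds:docdb-auto-snap", "SnapshotType": "automated", "StorageEncrypted": False},
]
SAMPLE_ATTRIBUTES = {
    "docdb-public-snap": {"DBClusterSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": ["all"]}]},
    "docdb-private-snap": {"DBClusterSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": ["123456789012"]}]},
}

if __name__ == "__main__":
    for sid, status in evaluate(SAMPLE_SNAPSHOTS, SAMPLE_ATTRIBUTES).items():
        print(f"{sid}: {status}")  # docdb-public-snap: NON_COMPLIANT, docdb-private-snap: COMPLIANT
```

The encrypted and automated sample snapshots are skipped entirely, matching the rule's scope; only the two unencrypted manual snapshots receive a verdict.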

