Triage and Remediation
Remediation
Using Console
To remediate the issue of DocumentDB Cluster Snapshots being public in AWS RDS using the AWS Management Console, follow these steps:
- Login to AWS Console: Go to the AWS Management Console (https://aws.amazon.com/console/) and log in with your credentials.
- Navigate to DocumentDB Service: Click on the “Services” dropdown menu at the top left corner of the console, then select “DocumentDB” under the Database category.
- Select DocumentDB Cluster: From the DocumentDB dashboard, select the DocumentDB cluster for which you want to remediate the public snapshot issue.
- Modify Snapshot Settings:
  - In the left-hand navigation pane, click on “Snapshots” to view the list of snapshots associated with the selected cluster.
  - Identify the public snapshot(s) that need to be remediated.
  - Select the public snapshot by clicking on the checkbox next to it.
- Update Snapshot Permissions:
  - Click on the “Actions” dropdown menu above the list of snapshots.
  - Select “Modify Snapshot Attribute” from the dropdown menu.
  - In the Modify Snapshot Attribute window, uncheck the option for “Public” to make the snapshot private.
  - Click on the “Modify Snapshot Attribute” button to save the changes.
- Verify Changes:
  - Once the modification is complete, verify that the snapshot is no longer public by checking the snapshot permissions.
  - You can also try accessing the snapshot URL to confirm that it is no longer accessible publicly.
- Repeat for Other Public Snapshots: If there are multiple public snapshots across different clusters, repeat the above steps for each affected snapshot to ensure all snapshots are private.
Using CLI
To remediate the issue of DocumentDB Cluster Snapshots being public in AWS RDS, you can follow these steps using the AWS CLI:

Step 1: List all the DocumentDB Cluster Snapshots

Step 2: Modify the permissions of the DocumentDB Cluster Snapshots to make them private

Replace <snapshot-identifier> with the identifier of the DocumentDB Cluster Snapshot you want to modify.

Step 3: Verify that the permissions have been modified successfully

Repeat steps 2 and 3 for each DocumentDB Cluster Snapshot that needs to be remediated.

By following these steps, you can ensure that your DocumentDB Cluster Snapshots are no longer public and have the appropriate permissions set to maintain the security of your AWS RDS resources.
Using Python
To remediate the issue of DocumentDB cluster snapshots being public in AWS RDS using Python, you can follow these steps:
- Identify the Public Snapshots: Use the AWS SDK for Python (Boto3) to list all the DocumentDB cluster snapshots in your account and identify which snapshots are public.
- Modify Snapshot Permissions: For each public snapshot identified, modify the permissions to make them private. You can do this by removing the “all” permission grants and adding specific AWS account IDs or IAM roles that should have access to the snapshots.

Make sure to install the boto3 library by running pip install boto3 before executing the script.

This script will identify all public DocumentDB cluster snapshots and modify their permissions to make them private. Make sure to run this script with appropriate AWS credentials and permissions to modify the snapshot attributes.
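One way to implement the two steps above with Boto3, as an added example (it is not the page's original script): it lists manual snapshots, treats a snapshot as public when its `restore` attribute contains `all`, removes that grant, and re-reads the attribute to confirm. The function names and the `dry_run` flag are chosen here for illustration, and the `Engine == "docdb"` filter assumes the account may also hold snapshots from other cluster engines.

```python
"""Added example: find public DocumentDB manual snapshots and make them private."""


def list_manual_snapshots(client):
    """Yield IDs of manual DocumentDB cluster snapshots, following Marker pagination."""
    kwargs = {"SnapshotType": "manual"}  # only manual snapshots can be shared
    while True:
        page = client.describe_db_cluster_snapshots(**kwargs)
        for snap in page.get("DBClusterSnapshots", []):
            # Assumption: other cluster engines may be listed too; keep DocumentDB only.
            if snap.get("Engine") == "docdb":
                yield snap["DBClusterSnapshotIdentifier"]
        if not page.get("Marker"):
            return
        kwargs["Marker"] = page["Marker"]


def restore_grants(client, snapshot_id):
    """Return the 'restore' attribute values: account IDs, or 'all' when public."""
    result = client.describe_db_cluster_snapshot_attributes(
        DBClusterSnapshotIdentifier=snapshot_id
    )["DBClusterSnapshotAttributesResult"]
    for attr in result.get("DBClusterSnapshotAttributes", []):
        if attr.get("AttributeName") == "restore":
            return list(attr.get("AttributeValues", []))
    return []


def remediate_public_snapshots(client, dry_run=True):
    """Remove the 'all' grant from public snapshots; return the IDs found (or fixed)."""
    fixed = []
    for snapshot_id in list_manual_snapshots(client):
        if "all" not in restore_grants(client, snapshot_id):
            continue
        if not dry_run:
            client.modify_db_cluster_snapshot_attribute(
                DBClusterSnapshotIdentifier=snapshot_id,
                AttributeName="restore",
                ValuesToRemove=["all"],  # grants to specific account IDs are kept
            )
            # Re-read the attribute so a failed change is not reported as fixed.
            if "all" in restore_grants(client, snapshot_id):
                raise RuntimeError(f"{snapshot_id} is still public")
        fixed.append(snapshot_id)
    return fixed


if __name__ == "__main__":
    import boto3  # pip install boto3; uses the default credential chain and region
    print(remediate_public_snapshots(boto3.client("docdb"), dry_run=True))
```

Run it with `dry_run=True` first to review the list of public snapshots, then with `dry_run=False` in each region where DocumentDB clusters exist.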