lyft
AWS: Public RDS/EBS snapshot
Feature request
Title: AWS: Public RDS/EBS snapshot
Description:
It would be good to add AWS public RDS/EBS snapshot check.
[optional Relevant Links:]
https://www.cloudconformity.com/knowledge-base/aws/RDS/public-snapshots.html https://asecure.cloud/a/rds-snapshots-public-prohibited/
Just to make sure I understand, is this feature request asking to add RDS DB snapshots as nodes to the graph?
- Add RDS DB snapshots as nodes.
- Check the value of
DBSnapshotAttributes/AttributeValues
It would be good to add an analysis job.
Ah interesting:
From: https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DBSnapshotAttribute.html The attribute named restore refers to the list of AWS accounts that have permission to copy or restore the manual DB cluster snapshot. For more information, see the ModifyDBSnapshotAttribute API action.
I'm assuming you're thinking of an analysis job that would connect snapshots to the AWS accounts that are allowed to restore them?
I'm just considering to check whether AttributeValues are all.
It means any AWS user account can restore snapshots.
Ah I see, yeah that's super interesting.
We can't make any commitments on adding this feature at the moment but I like the idea a lot. If others have cycles to add/modify an intel module we'll be happy to give guidance.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
![stale[bot] avatar](https://avatars.githubusercontent.com/in/1724?v=4 "Published by a pub.dev verified publisher"){kind=small}