Publicly shared RDS snapshot

PLATFORM:

SERVICE: rds

DATA BREACHES: known

LAST UPDATED:

EXPLOITABILITY: high
(Exploitability of a vulnerability measures how easy it is for an attacker to discover and exploit it; some refer to this as likelihood.)

IMPACT: high
(How impactful a successful exploitation of this vulnerability is expected to be for your environment and organization.)

About

RDS snapshots can be shared publicly through the AWS console or the AWS CLI. The feature shipped in 2015 in response to requests from the data science community. Most data sets that customers store in RDS, however, contain sensitive data.

Understanding Impact

Business Impact

RDS instances are managed databases, and RDS snapshots are, for example, frequently used for backups. Sharing an RDS snapshot publicly allows anyone to restore it and access all the data inside the database.

Technical Impact

RDS snapshots can be shared with specific AWS accounts, but can also inadvertently be made public. Publicly sharing an RDS snapshot is likely a sign of an unintended misconfiguration.

Identify affected resources

You can use the following AWS CLI commands to identify publicly accessible RDS snapshots in your account, one per snapshot type:

aws rds describe-db-snapshots --snapshot-type manual --include-public
aws rds describe-db-snapshots --snapshot-type automated --include-public
aws rds describe-db-snapshots --snapshot-type awsbackup --include-public

Remediate vulnerable resources

To stop an RDS snapshot from being publicly shared, you can use the following AWS CLI command:

aws rds modify-db-snapshot-attribute \
  --db-snapshot-identifier <your-snapshot> \
  --attribute-name "restore" \
  --values-to-remove "all"

If the snapshot does need to be shared, share it with specific AWS accounts instead of making it public.
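The identification and remediation steps above can be automated by inspecting each snapshot's "restore" attribute, which is what `aws rds describe-db-snapshot-attributes --db-snapshot-identifier <id>` returns and what the modify command above edits. The following is an added example, not code from the original page or from Datadog; the three JSON responses and snapshot identifiers are constructed samples in the shape of that command's output.

```python
import json

# Constructed sample: the JSON returned by
#   aws rds describe-db-snapshot-attributes --db-snapshot-identifier <id>
# for three snapshots. The "restore" attribute lists who may copy or
# restore the snapshot; the value "all" means any AWS account (public).
SAMPLE_RESPONSES = [
    json.dumps({"DBSnapshotAttributesResult": {
        "DBSnapshotIdentifier": "prod-customers-2024-05-01",
        "DBSnapshotAttributes": [
            {"AttributeName": "restore", "AttributeValues": ["all"]}]}}),
    json.dumps({"DBSnapshotAttributesResult": {
        "DBSnapshotIdentifier": "analytics-shared",
        "DBSnapshotAttributes": [
            {"AttributeName": "restore",
             "AttributeValues": ["123456789012", "all", "210987654321"]}]}}),
    json.dumps({"DBSnapshotAttributesResult": {
        "DBSnapshotIdentifier": "staging-private",
        "DBSnapshotAttributes": [
            {"AttributeName": "restore", "AttributeValues": []}]}}),
]


def restore_values(response_json):
    """Return (snapshot id, list of 'restore' attribute values) for one response."""
    result = json.loads(response_json)["DBSnapshotAttributesResult"]
    values = []
    for attr in result.get("DBSnapshotAttributes", []):
        if attr.get("AttributeName") == "restore":
            values.extend(attr.get("AttributeValues", []))
    return result["DBSnapshotIdentifier"], values


def is_public(response_json):
    """A snapshot is public when 'all' (any AWS account) may restore it."""
    return "all" in restore_values(response_json)[1]


def remediation_command(response_json):
    """Build the argv that removes public access but keeps explicit account shares.

    Returns None when the snapshot is not public and nothing needs changing.
    """
    snapshot_id, values = restore_values(response_json)
    if "all" not in values:
        return None
    return ["aws", "rds", "modify-db-snapshot-attribute",
            "--db-snapshot-identifier", snapshot_id,
            "--attribute-name", "restore", "--values-to-remove", "all"]


def audit(responses):
    """Return the identifiers of every public snapshot among the responses."""
    return [restore_values(r)[0] for r in responses if is_public(r)]
```

Note that removing "all" leaves any explicitly shared account IDs in place, so a snapshot intentionally shared with specific accounts keeps working after remediation.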

How Datadog can help

Cloud Security Management

Datadog Cloud Security Management detects this vulnerability using the out-of-the-box rule "Datadog CSM Misconfigurations Rule | RDS database instance snapshots should not be publicly shared".

References

- Sharing a DB snapshot (AWS documentation)
- Hundreds of Amazon RDS Instances Leaking Users' Personal Data (thehackernews.com)
- Amazon RDS now supports sharing database snapshots across accounts (aws.amazon.com)
