Security Hub RDS snapshots cannot be public finding

3

Hello,

Checking out the Security Hub findings, we have multiple reports of a CRITICAL issue with the description Security Hub *RDS.1 RDS snapshot should be private*, but the snapshots that are targeted are deleted and are no longer available in the AWS Console RDS snapshots tab. The Record state of the finding is ARCHIVED, but we don't get why the findings were triggered at all on those snapshots (and also no trigger was found on the current existing ones).

All the snapshots that we have are encrypted, and according to the documentation: "If the source is encrypted, DB snapshot visibility is set as Private because encrypted snapshots can't be shared as public." So our snapshots should not have gotten into a public state at any point.

So what can be the cause of us seeing those Security Hub findings, and how can we make sure we no longer have them?

2 Answers
1

Any news on this or workarounds? We got exactly the same issue, and we generate automated emails on critical findings of the Amazon EventBridge. Getting false alerts is a bit annoying.

moritz
answered 9 months ago
  • Same here, we keep getting alerts from our CSOC about these "critical" findings...

  • We appear to have the same issue as well

-1

All snapshots are evaluated by RDS.1. Findings are triggered by the evaluation of the Config rule backed by RDS.1. When the snapshot is deleted, Config produces a NOT_AVAILABLE finding for the deleted resource, which is translated in Security Hub as Record State = ARCHIVED.

AWS
answered 2 years ago
  • Seems like there is some sort of bug in the Config rule, because we are also getting these CRITICAL Security Hub findings saying that our automated RDS snapshots are public, which is impossible since they are encrypted (and we have never set them public to begin with).
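
For the EventBridge e-mail alerting mentioned in the first answer, one way to keep ARCHIVED / NOT_AVAILABLE findings for deleted snapshots out of the alert path is to match on record state, workflow status and compliance status as well as severity. This is an added example, not code from the thread or from AWS; the sample events and snapshot ids are constructed, and the matcher is a simplified local stand-in for EventBridge's exact-value matching so the pattern can be checked offline.

```python
# EventBridge rule pattern (exact-value syntax). Only findings that are still
# ACTIVE, unhandled, failing and CRITICAL reach the e-mail target.
ALERT_PATTERN = {
    "source": ["aws.securityhub"],
    "detail-type": ["Security Hub Findings - Imported"],
    "detail": {"findings": {
        "RecordState": ["ACTIVE"],
        "Workflow": {"Status": ["NEW"]},
        "Compliance": {"Status": ["FAILED"]},
        "Severity": {"Label": ["CRITICAL"]},
    }},
}

def matches(pattern, value):
    """Simplified emulation of exact-value matching (assumption: no prefix,
    numeric or anything-but operators). A list in the event matches when any
    element matches; a list in the pattern is the set of allowed values."""
    if isinstance(value, list):
        return any(matches(pattern, item) for item in value)
    if isinstance(pattern, dict):
        return isinstance(value, dict) and all(
            key in value and matches(sub, value[key]) for key, sub in pattern.items())
    return value in pattern

def finding_event(record_state, compliance, snapshot_id):
    """Build a constructed Security Hub event carrying one RDS.1 finding."""
    return {
        "source": "aws.securityhub",
        "detail-type": "Security Hub Findings - Imported",
        "detail": {"findings": [{
            "Title": "RDS.1 RDS snapshot should be private",
            "RecordState": record_state,
            "Workflow": {"Status": "NEW"},
            "Compliance": {"Status": compliance},
            "Severity": {"Label": "CRITICAL"},
            "Resources": [{"Type": "AwsRdsDbSnapshot", "Id": snapshot_id}],
        }]},
    }

# Constructed samples: a deleted snapshot (archived) and a live failing one.
DELETED = finding_event("ARCHIVED", "NOT_AVAILABLE", "example-deleted-snapshot")
LIVE = finding_event("ACTIVE", "FAILED", "example-live-snapshot")

def should_alert(event):
    return matches(ALERT_PATTERN, event)

if __name__ == "__main__":
    for name, event in (("deleted", DELETED), ("live", LIVE)):
        print(name, "->", "alert" if should_alert(event) else "suppressed")
```

Serialised as JSON, `ALERT_PATTERN` is the event pattern for the rule itself; it filters what gets e-mailed and does not change which findings Security Hub records.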
