
Security HUB RDS snapshots cannot be public finding


Hello,

Checking out the Security Hub findings, we have multiple reports of a CRITICAL issue with the description Security Hub *RDS.1 RDS snapshot should be private*, but the snapshots that are targeted are deleted and are no longer available in the AWS Console RDS snapshots tab. The Record state of the finding is ARCHIVED, but we don't get why the findings were triggered at all on those snapshots (and also no trigger was found on the current existing ones).

All the snapshots that we have are encrypted, and according to the documentation: "If the source is encrypted, DB snapshot visibility is set as Private because encrypted snapshots can't be shared as public." So our snapshots should not have gotten into a public state at any point.

So what can be the cause of us seeing those Security Hub findings, and how can we make sure we no longer have them?

1 Answer

All snapshots are evaluated by RDS.1. Findings are triggered by the evaluation of the Config rule backed by RDS.1. When the snapshot is deleted, Config produces a NOT_AVAILABLE finding for the deleted resource, which is translated in Security Hub as Record State = ARCHIVED.

answered 3 months ago
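
An added example, not part of the original answer or any AWS code: a small triage over Security Hub findings in ASFF form that separates archived RDS.1 records (such as deleted snapshots) from active ones that still fail the control. The sample findings, ARNs and account ID are constructed, and the helper names `control_id` and `triage_rds1` are hypothetical.

```python
from collections import defaultdict

def _finding(control, status, record_state, snapshot):
    """Build a constructed ASFF-shaped finding holding only the fields used below."""
    return {
        "Compliance": {"Status": status, "SecurityControlId": control},
        "RecordState": record_state,
        "Resources": [{"Type": "AwsRdsDbSnapshot",
                       "Id": f"arn:aws:rds:eu-west-1:111122223333:snapshot:{snapshot}"}],
    }

# Constructed sample data (made-up account ID and snapshot names).
SAMPLE_FINDINGS = [
    _finding("RDS.1", "NOT_AVAILABLE", "ARCHIVED", "deleted-backup"),  # deleted snapshot
    _finding("RDS.1", "PASSED", "ACTIVE", "current-encrypted"),        # private snapshot
    _finding("RDS.1", "FAILED", "ACTIVE", "shared-unencrypted"),       # still public
    _finding("RDS.4", "FAILED", "ACTIVE", "other-control"),            # different control
]

def control_id(finding):
    """Read the control ID from Compliance.SecurityControlId, falling back to
    ProductFields.ControlId for findings that carry it there."""
    compliance = finding.get("Compliance", {})
    return (compliance.get("SecurityControlId")
            or finding.get("ProductFields", {}).get("ControlId"))

def triage_rds1(findings):
    """Group RDS.1 findings by whether anyone still has to act on them."""
    buckets = defaultdict(list)
    for finding in findings:
        if control_id(finding) != "RDS.1":
            continue
        status = finding.get("Compliance", {}).get("Status", "UNKNOWN")
        if finding.get("RecordState") == "ARCHIVED":
            key = "archived"        # e.g. resource deleted; nothing left to fix
        elif status == "FAILED":
            key = "needs_action"    # active record for a snapshot failing RDS.1
        else:
            key = "other_active"    # active, but passing or not evaluated
        buckets[key].extend(r["Id"] for r in finding.get("Resources", []))
    return dict(buckets)

if __name__ == "__main__":
    for bucket, ids in triage_rds1(SAMPLE_FINDINGS).items():
        print(bucket, ids)
```

Only the `needs_action` bucket points at snapshots that exist and currently fail the control; archived records for deleted snapshots can be excluded from dashboards by filtering on `RecordState`.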
