Security Hub "RDS snapshots cannot be public" finding

3

Hello. Checking out the Security Hub findings, we have multiple reports of a CRITICAL issue with the description "Security Hub RDS.1 RDS snapshot should be private", but the snapshots that are targeted are deleted and are no longer available in the AWS Console RDS snapshots tab. The record state of the finding is ARCHIVED, but we don't get why the findings were triggered at all on those snapshots (and also no trigger was found on the currently existing ones). All the snapshots that we have are encrypted, and according to the documentation: "If the source is encrypted, DB snapshot visibility is set as Private because encrypted snapshots can't be shared as public." So our snapshots should not have been in a public state at any point. So what can be the cause of us seeing those Security Hub findings, and how can we make sure we no longer have them?

2 answers
1

Any news on this or workarounds? We got exactly the same issue, and we generate automated emails on critical findings from Amazon EventBridge. Getting false alerts is a bit annoying.

moritz
answered 9 months ago
  • Same here, we keep getting alerts from our CSOC about these "critical" findings...

  • We appear to have the same issue as well

-1

All snapshots are evaluated by RDS.1. Findings are triggered by the evaluation of the Config rule backing RDS.1. When the snapshot is deleted, Config produces a NOT_AVAILABLE evaluation for the deleted resource, which is translated in Security Hub as Record State = ARCHIVED.

AWS
answered 2 years ago
  • Seems like there is some sort of bug in the Config rule, because we are also getting these CRITICAL Security Hub findings saying that our automated RDS snapshots are public, which is impossible since they are encrypted (and we have never set them public to begin with).

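Since the ARCHIVED findings described in this thread are what trips EventBridge-driven alerting, one way to keep them out of the alert path is to make the EventBridge rule match only ACTIVE, unresolved findings. This is an added example, not code from the thread or from AWS: the event pattern is what would go on the alerting rule, and the `matches` function is a simplified stand-in for EventBridge's matching so the pattern can be exercised offline against constructed sample events.

```python
# Event pattern for the EventBridge rule that sends the alert e-mail. Only ACTIVE,
# unresolved CRITICAL/HIGH findings match, so a finding that Security Hub has moved to
# RecordState ARCHIVED (Config NOT_AVAILABLE for a deleted snapshot) never reaches the target.
ALERT_PATTERN = {
    "source": ["aws.securityhub"],
    "detail-type": ["Security Hub Findings - Imported"],
    "detail": {
        "findings": {
            "RecordState": ["ACTIVE"],
            "Workflow": {"Status": ["NEW"]},
            "Severity": {"Label": ["CRITICAL", "HIGH"]},
        }
    },
}


def matches(pattern, event):
    """Simplified local approximation of EventBridge matching: a list of literals matches
    when the event value (or one element of an event list) equals one of them, a nested
    dict recurses, and a list of dicts in the event (like `findings`) matches if any
    element matches. Good enough to check the pattern offline; not the real engine."""
    for key, want in pattern.items():
        if key not in event:
            return False
        got = event[key]
        if isinstance(want, list):
            values = got if isinstance(got, list) else [got]
            if not any(v in want for v in values):
                return False
        elif isinstance(got, list):
            if not any(isinstance(g, dict) and matches(want, g) for g in got):
                return False
        elif not (isinstance(got, dict) and matches(want, got)):
            return False
    return True


def finding_event(record_state, workflow="NEW", label="CRITICAL"):
    # Constructed sample "Security Hub Findings - Imported" event carrying one RDS.1 finding.
    finding = {"Title": "RDS snapshot should be private", "RecordState": record_state,
               "Workflow": {"Status": workflow}, "Severity": {"Label": label}}
    return {"source": "aws.securityhub", "detail-type": "Security Hub Findings - Imported",
            "detail": {"findings": [finding]}}


def should_alert(event):
    # True only for findings that still need a human to look at them.
    return matches(ALERT_PATTERN, event)
```

The archived finding for a deleted snapshot is dropped by the `RecordState` clause, while a genuinely active finding on a live snapshot still pages.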