
AWS RDS public snapshots – A major threat to your cloud security


Cloud security is one of the most crucial aspects of cloud computing. Organizations want their cloud infrastructure to be as secure as possible so that they can deploy their data and resources and focus on their business rather than worrying about security threats. RDS is the relational database service provided by AWS, and it is essential to make sure that your database is safe from any kind of potential security attack.

What is an AWS RDS snapshot?

Amazon RDS (Relational Database Service) provides various utilities to its users. One of them is the ability to create multiple snapshots of your relational database. Snapshots are backups of your instances, created and stored in AWS S3 so that the data can be recovered. RDS creates a storage volume snapshot of your DB instance and backs up the entire DB instance instead of backing up just individual databases.

Why are public RDS snapshots a major threat to your cloud security?

It is recommended that your RDS snapshots not be public, in order to prevent a potential leak or misuse of sensitive data or any other kind of security threat.

If your RDS snapshot is public, then the data backed up in that snapshot is accessible to all other AWS accounts. Other AWS users can not only access and copy your data but can also create a volume out of it. You may have numerous snapshots in your cloud infrastructure and be unaware of a public snapshot among them that contains sensitive information which is not supposed to be shared.
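To check your own account for this condition, here is an added example (not code from the original post or from Centilytics) that uses boto3 to flag every manual snapshot the account owns whose "restore" attribute contains "all", which is how AWS marks a snapshot as public, and can remove that grant. The SAMPLE_* responses are constructed; the account ID in them is AWS's documentation placeholder.

```python
# Added example (not part of the original post): audit the RDS snapshots an
# account owns, flag the public ones and optionally make them private again.
# Uses the real boto3 RDS calls describe_db_snapshots,
# describe_db_snapshot_attributes and modify_db_snapshot_attribute.

# AWS marks a snapshot public by adding the literal "all" to its "restore"
# attribute; a snapshot shared privately lists account IDs there instead.
PUBLIC_MARKER = "all"

def restore_grants(attributes_result):
    """Account IDs (or "all") allowed to restore the snapshot, read from the
    DBSnapshotAttributesResult dict that describe_db_snapshot_attributes() returns."""
    for attr in attributes_result.get("DBSnapshotAttributes", []):
        if attr.get("AttributeName") == "restore":
            return list(attr.get("AttributeValues", []))
    return []

def severity(attributes_result):
    """Same two outcomes as the insight table: CRITICAL if public, else OK."""
    return "CRITICAL" if PUBLIC_MARKER in restore_grants(attributes_result) else "OK"

def find_public_snapshots(rds, remediate=False):
    """Return identifiers of this account's public manual snapshots. With
    remediate=True the "all" grant is removed, making the snapshot private
    again without deleting it. `rds` is a boto3 RDS client (boto3.client("rds"))."""
    public = []
    for page in rds.get_paginator("describe_db_snapshots").paginate(SnapshotType="manual"):
        for snap in page["DBSnapshots"]:
            ident = snap["DBSnapshotIdentifier"]
            attrs = rds.describe_db_snapshot_attributes(
                DBSnapshotIdentifier=ident)["DBSnapshotAttributesResult"]
            if severity(attrs) == "CRITICAL":
                public.append(ident)
                if remediate:
                    rds.modify_db_snapshot_attribute(
                        DBSnapshotIdentifier=ident, AttributeName="restore",
                        ValuesToRemove=[PUBLIC_MARKER])
    return public

# Constructed sample responses shaped like describe_db_snapshot_attributes output;
# the account ID is AWS's documentation placeholder, not a real account.
def sample(ident, grants):
    return {"DBSnapshotIdentifier": ident,
            "DBSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": grants}]}

SAMPLE_PUBLIC = sample("prod-db-final", ["all"])
SAMPLE_SHARED = sample("prod-db-shared", ["123456789012"])
SAMPLE_PRIVATE = sample("prod-db-private", [])
```

Run `find_public_snapshots(boto3.client("rds"))` per region with credentials that are allowed to describe snapshots; pass `remediate=True` only once the list has been reviewed.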

Centilytics comes into the picture

Centilytics lists all the public RDS snapshots in your cloud infrastructure and allows the user to analyze them and act against them from the AWS console.

Insight descriptions:

There can be 2 possible scenarios:

Severity: Description
OK: If the RDS snapshot is private and cannot be accessed by any other AWS account without permission, then there will be a green indication corresponding to that RDS snapshot.
CRITICAL: If a snapshot is marked public and can be accessed by other AWS accounts, then there will be a red indication corresponding to that RDS snapshot.


The further columns are described as follows:

  1. Account Id: Shows the account ID of the user's account.
  2. Account Name: Shows the account name corresponding to the user's account.
  3. Region: Shows the region in which the corresponding snapshot exists.
  4. DB Snapshot Identifier: Shows the name of the corresponding snapshot.
  5. DB Instance Identifier: Shows the name of the corresponding database instance.
  6. Identifier: Shows the unique ARN (Amazon Resource Name) corresponding to the resource. An ARN is a unique naming convention used to identify and differentiate between multiple resources across AWS.

Filters applicable:

Filter Name: Description
Account Id: Applying the account Id filter will display data for the selected account Id.
Region: Applying the region filter will display data according to the selected region.
Severity: Applying the severity filter will display data according to the selected severity type, i.e. selecting critical will display all resources with critical severity. The same applies to the warning and OK severity types.
Resource Tags: Applying the resource tags filter will display those resources which have been assigned the selected resource tag. For example, a user has tagged some public snapshots with a resource tag named environment. Selecting environment from the resource tags filter will then display all those resources tagged with the tag name environment.
Resource Tags Value: Applying the resource tags value filter will display data which has the selected resource tag value. For example, let's say a user has tagged some resource with a tag named environment that has the value production (environment: production). The user can then view data for all the resources which have the "environment:production" tag assigned. The tag value filter can be used only when a tag name has been provided.


Compliances covered:

Compliance Name   Reference No.   Link
Trusted Advisor   -               https://console.aws.amazon.com/trustedadvisor/home?#/category/security


Read More:

[1] https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html

[2] https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateSnapshot.html
