How to update a user owned public EBS Snapshot to private

Pragti Chauhan
Feature image


AWS allows the creation of snapshots of EBS volumes. These snapshots can then be used to create / restore volumes and attach to an instance. These snapshots have permissions on them which can make them either public or private. A publicly available snapshot is accessible to any AWS user. Hence one should make sure that a snapshot that is not intended to be publicly accessible is made private.

If a snapshot is public, an attacker with an AWS account can create a new volume out of the exposed snapshot and mount it to an attacker controlled EC2 instance which can then be used to access all data within the snapshot.

Based on the data within the snapshot, an attacker can target other machines, leak sensitive information to the Internet or cause damage to reputation by exposing this misconfiguration as a public finding.

In this article, we will see how to update the permissions of a user owned EBS snapshot from public to private.

Update EBS snapshot permissions

Following are the steps to update permissions for a user owned public EBS snapshot to private:

  1. Login to the AWS Management Console and navigate to EC2 dashboard

    EC2 dashboard

  2. In the navigation panel, under Elastic Block Store, click Snapshots

    EBS snapshots navigation panel

  3. Select the Snapshot that you want to update

    Select EBS snapshot

  4. Click on Actions dropdown and select Modify permissions

    Actions dropdown

  5. Select the Snapshot availability as Private and click on Save changes

    Modify snapshot permissions

← Back to Academy