AWS allows the creation of snapshots of EBS volumes. These snapshots can then be used to create / restore volumes and attach to an instance. These snapshots have permissions on them which can make them either public or private. A publicly available snapshot is accessible to any AWS user. Hence one should make sure that a snapshot that is not intended to be publicly accessible is made private.
If a snapshot is public, an attacker with an AWS account can create a new volume out of the exposed snapshot and mount it to an attacker controlled EC2 instance which can then be used to access all data within the snapshot.
Based on the data within the snapshot, an attacker can target other machines, leak sensitive information to the Internet or cause damage to reputation by exposing this misconfiguration as a public finding.
In this article, we will see how to update the permissions of a user owned EBS snapshot from public to private.
Update EBS snapshot permissions
Following are the steps to update permissions for a user owned public EBS snapshot to private:
Login to the AWS Management Console and navigate to EC2 dashboard
In the navigation panel, under Elastic Block Store, click Snapshots
Select the Snapshot that you want to update
Click on Actions dropdown and select Modify permissions
Select the Snapshot availability as Private and click on Save changes