Amazon EC2

Elastic Block Store Volumes Too Old Snapshots

This plugin ensures that Elastic Block Store volume snapshots are deleted after a defined time period.

Risk Level: Low

Description

This plugin ensures that Elastic Block Store volume snapshots are deleted after a defined time period. To avoid unexpected costs, Elastic Block Store volume snapshots older than the configured lifetime should be deleted.

Configuration Parameters

Elastic Block Store Snapshot Life: This parameter denotes the maximum allowed lifetime for an EBS snapshot. An issue will be created if a snapshot is older than the specified number of days.

By default, the value is 14, so an issue is created for every snapshot that is older than 14 days.

About the Service

Amazon EC2: Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) Cloud. With EC2, you can launch as many virtual servers as you need, configure security and networking, and manage storage without having to provision or maintain the underlying hardware. Security groups act as a firewall for an EC2 instance, controlling its incoming and outgoing traffic. You can read more about security groups here.

Impact

Amazon EBS snapshots are created to keep a backup of an EBS volume. Developers often forget to delete them after the work is finished, which results in unnecessary costs for the organization. Therefore, it is recommended to delete snapshots after a certain time frame.

Steps to Reproduce

Using AWS Console-

  1. Log in to your AWS Console.
  2. Open the EC2 Management Console. You can use this link (https://console.aws.amazon.com/ec2) to navigate directly if already logged in.
  3. Move to Snapshots in the Elastic Block Store section of the left navigation pane.
  4. A list of available EBS snapshots will be displayed. Check the Started column: if the start date is more than the configured number of days in the past, the vulnerability exists.
  5. Repeat these steps for all the EBS volumes you want to investigate.
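The same check the plugin performs, as an added example that is not the plugin's own code: it applies the "Elastic Block Store Snapshot Life" parameter to the snapshot list in the shape returned by EC2 DescribeSnapshots and reports every snapshot started more than that many days ago. The sample snapshots, timestamps and the `fetch_own_snapshots` helper (which assumes boto3 and AWS credentials are available) are constructed for this example.

```python
from datetime import datetime, timedelta, timezone

# Default matches the plugin's "Elastic Block Store Snapshot Life" parameter.
DEFAULT_SNAPSHOT_LIFE_DAYS = 14


def find_stale_snapshots(snapshots, max_age_days=DEFAULT_SNAPSHOT_LIFE_DAYS, now=None):
    """Return the snapshots whose StartTime is more than max_age_days in the past.

    `snapshots` uses the shape of the 'Snapshots' list returned by EC2
    DescribeSnapshots (keys SnapshotId, VolumeId, StartTime, ...).
    A snapshot that is exactly max_age_days old is not yet reported.
    """
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=max_age_days)
    stale = []
    for snap in snapshots:
        started = snap["StartTime"]
        if started.tzinfo is None:  # treat naive timestamps as UTC
            started = started.replace(tzinfo=timezone.utc)
        if started < cutoff:
            stale.append({"SnapshotId": snap["SnapshotId"],
                          "VolumeId": snap.get("VolumeId"),
                          "AgeDays": (now - started).days})
    return stale


def fetch_own_snapshots(region_name):
    """Page through DescribeSnapshots for snapshots owned by this account.
    boto3 is imported here (assumption) so the check above runs without it."""
    import boto3
    ec2 = boto3.client("ec2", region_name=region_name)
    snapshots = []
    for page in ec2.get_paginator("describe_snapshots").paginate(OwnerIds=["self"]):
        snapshots.extend(page["Snapshots"])
    return snapshots


# Constructed sample in DescribeSnapshots shape; the IDs are not real snapshots.
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_SNAPSHOTS = [
    {"SnapshotId": "snap-0000000000000001", "VolumeId": "vol-0000000000000001",
     "StartTime": SAMPLE_NOW - timedelta(days=3)},
    {"SnapshotId": "snap-0000000000000002", "VolumeId": "vol-0000000000000002",
     "StartTime": SAMPLE_NOW - timedelta(days=14)},
    {"SnapshotId": "snap-0000000000000003", "VolumeId": "vol-0000000000000003",
     "StartTime": SAMPLE_NOW - timedelta(days=40)},
]

if __name__ == "__main__":
    for s in find_stale_snapshots(SAMPLE_SNAPSHOTS, now=SAMPLE_NOW):
        print(f"{s['SnapshotId']} (volume {s['VolumeId']}) is {s['AgeDays']} days old")
```

Against a real account, pass the result of `fetch_own_snapshots("us-east-1")` to `find_stale_snapshots` instead of the sample list.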

Steps for Remediation

Delete the Elastic Block Store snapshots past their defined expiration date:

  1. Log in to your AWS Console.
  2. Open the EC2 Management Console. You can use this link (https://console.aws.amazon.com/ec2) to navigate directly if already logged in.
  3. Move to Snapshots in the Elastic Block Store section of the left navigation pane.
  4. A list of available EBS snapshots will be displayed. Select the vulnerable snapshot by clicking the checkbox next to it.
  5. From the Actions drop-down menu, click Delete.
  6. Repeat these steps for all the vulnerable EBS snapshots.