New IAM User Created An EBS Snapshot

Overview

This detector reports an issue when a new IAM user creates an EBS snapshot. You can configure the age of IAM users that are no longer considered new by this detector.

EBS snapshots backup the contents of a storage volume for an EC2 instance. An EBS snapshot often contains sensitive information, credentials, and source code. EBS snapshots can be shared with specific AWS accounts or with anybody that has an AWS account. The generally sensitive contents of EBS snapshots, along with their ability to be shared outside of an AWS account mean that they can present a convenient way for an attacker to exfiltrate data.

Vendor

AWS

Overview​

Vendor​

Severity​

Overview

Vendor

Severity