Critical SSM Regional

SSM documents should have the block public sharing setting enabled

FSBP

Description

This control checks whether the block public sharing setting is enabled for AWS Systems Manager (SSM) documents. The control fails if this setting is disabled. The block public sharing setting for SSM documents is an account-level setting. Enabling it helps prevent unwanted access to SSM documents. Note that enabling this setting does not affect any SSM documents that are already shared publicly; those must be reviewed separately. The recommendation is to enable this setting unless a specific use case requires sharing SSM documents with the public. The setting is configured per AWS Region, so its value can differ between Regions.


Remediation

To enable the block public sharing setting for SSM documents, configure the service setting to disable public sharing permissions.

Steps

  1. Open the AWS Systems Manager console.
  2. Navigate to 'Settings' in the left navigation pane.
  3. Select 'Service settings' or search for 'Document sharing'.
  4. Locate the 'Public sharing permission' setting.
  5. Set the value to 'Disable' to block public sharing.
  6. Save the configuration.
  7. Note: This setting applies per region, so configure it for each region where you use SSM documents.
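The same check and remediation can be scripted with the AWS CLI, which is useful because the setting has to be verified in every Region. The script below is an added example, not part of this control page: it uses the AWS CLI `ssm get-service-setting` / `ssm update-service-setting` commands with the setting ID `/ssm/documents/console/public-sharing-permission`, and assumes the CLI is installed with credentials holding `ssm:GetServiceSetting`, `ssm:UpdateServiceSetting` and `ec2:DescribeRegions`. The function names and the embedded sample response are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the control page): audit the SSM "block public
# sharing" service setting in each Region and remediate where it is disabled.

SETTING_ID="/ssm/documents/console/public-sharing-permission"

# Constructed sample of a GetServiceSetting response for a failing Region.
SAMPLE_FAIL_RESPONSE='{"ServiceSetting": {"SettingId": "/ssm/documents/console/public-sharing-permission", "SettingValue": "Enable", "Status": "Default"}}'

# Evaluate a GetServiceSetting JSON response without needing jq.
# Returns 0 (control passes) only when SettingValue is "Disable";
# "Enable" or a missing value is treated as a failure.
evaluate_setting() {
    value=$(printf '%s' "$1" | sed -n 's/.*"SettingValue": *"\([^"]*\)".*/\1/p' | head -n 1)
    case "$value" in
        Disable) return 0 ;;
        *) return 1 ;;
    esac
}

# Check one Region: prints PASS/FAIL, returns 1 on FAIL and 2 on an API error.
check_region() {
    region="$1"
    response=$(aws ssm get-service-setting --region "$region" \
        --setting-id "$SETTING_ID" --output json) || return 2
    if evaluate_setting "$response"; then
        echo "PASS $region: public sharing of SSM documents is blocked"
    else
        echo "FAIL $region: public sharing of SSM documents is allowed"
        return 1
    fi
}

# Remediate one Region (the setting is regional, so this runs per Region).
remediate_region() {
    aws ssm update-service-setting --region "$1" \
        --setting-id "$SETTING_ID" --setting-value Disable
}

# With --sweep, walk every enabled Region and remediate only confirmed failures
# (API errors are reported by check_region but not auto-remediated).
if [ "${1:-}" = "--sweep" ]; then
    for r in $(aws ec2 describe-regions --query 'Regions[].RegionName' --output text); do
        check_region "$r" || { [ $? -eq 1 ] && remediate_region "$r"; }
    done
fi
```

Running the script with `--sweep` reports each Region and flips the setting to Disable where it is still Enable; already-public documents are unaffected and still need a separate review of their sharing permissions.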

Compliance

FSBP