A common data security issue is the unprotected copying of production data to non-production environments without any redaction, masking, or filtering.
This practice poses a serious risk. A malicious actor will target the weakest link in your infrastructure, including non-production accounts and the developer systems accessing them.
With AWS RDS Aurora, the clone feature produces an instance copy of a cluster. Unlike traditional methods, this feature requires no dump-and-load or snapshot-and-restore process, making data available relatively instantaneously. The feature is very useful for production deployment testing, but it can also be abused in an anti-pattern.
Recently, I observed the use of AWS RDS Aurora’s clone feature to instantly replicate production data into a test environment, even in segregated AWS accounts. AWS documentation promotes this feature with the following statement.
“Aurora cloning is especially useful for quickly setting up test environments using your production data, without risking data corruption.”
The documentation fails to provide a necessary security warning that should align with the security pillar of the AWS Well-Architected Framework. Nor does the AWS console offer an additional warning when you use the option, as it does when you delete resources.
If you are unfamiliar with the functionality, here is some additional background on the AWS RDS Aurora clone feature from the AWS documentation.
While Aurora cloning is designed to be fast and cost-effective, allowing users to create a new cluster that initially shares data pages with the original, it introduces significant security concerns if not properly controlled. The cloned cluster is independent but retains full access to the original data, thus increasing the attack surface.
By using Aurora cloning, you can create a new cluster that initially shares the same data pages as the original, but is a separate and independent volume. The process is designed to be fast and cost-effective. The new cluster with its associated data volume is known as a clone. Creating a clone is faster and more space-efficient than physically copying the data using other techniques, such as restoring a snapshot.
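One way to detect the pattern described above, as an added example that is not from the original post or from AWS: it scans CloudTrail-style records for clone operations whose source cluster belongs to a production account, and marks the ones created from a different account. The account IDs, cluster names and the request parameter names (`restoreType`, `sourceDBClusterIdentifier`, `dBClusterIdentifier`) are assumptions, and the sample events are constructed.

```python
import re
# Assumption: accounts that hold production data (constructed placeholder ID).
PROD_ACCOUNTS = {"111111111111"}
ARN_RE = re.compile(r"^arn:aws[\w-]*:rds:[\w-]+:(\d{12}):cluster:.+$")

def find_production_clones(records, prod_accounts=PROD_ACCOUNTS):
    """Return one finding per Aurora clone whose source is a production cluster."""
    findings = []
    for rec in records:
        params = rec.get("requestParameters") or {}
        # A clone is a point-in-time restore with restore type copy-on-write.
        if (rec.get("eventSource") != "rds.amazonaws.com"
                or rec.get("eventName") != "RestoreDBClusterToPointInTime"
                or str(params.get("restoreType", "")).lower() != "copy-on-write"):
            continue
        caller = rec.get("recipientAccountId", "")
        source = params.get("sourceDBClusterIdentifier") or ""
        m = ARN_RE.match(source)
        # A bare cluster name is in the caller's own account; a cluster shared
        # from another account is referenced by its ARN.
        source_account = m.group(1) if m else caller
        if source_account not in prod_accounts:
            continue
        findings.append({
            "source": source, "clone": params.get("dBClusterIdentifier"),
            "source_account": source_account, "clone_account": caller,
            "cross_account": caller != source_account,
            "who": (rec.get("userIdentity") or {}).get("arn"),
        })
    return findings

def _evt(account, restore_type, source, clone):
    """Build a constructed CloudTrail-style record (field names are assumptions)."""
    return {"eventSource": "rds.amazonaws.com", "recipientAccountId": account,
            "eventName": "RestoreDBClusterToPointInTime",
            "userIdentity": {"arn": f"arn:aws:iam::{account}:user/example"},
            "requestParameters": {"restoreType": restore_type,
                                  "sourceDBClusterIdentifier": source,
                                  "dBClusterIdentifier": clone}}

PROD_ARN = "arn:aws:rds:us-east-1:111111111111:cluster:orders-prod"
SAMPLE = [  # constructed events, not real logs
    _evt("222222222222", "copy-on-write", PROD_ARN, "orders-test"),
    _evt("111111111111", "copy-on-write", "orders-prod", "orders-prod-clone"),
    _evt("111111111111", "full-copy", "orders-prod", "orders-restore"),
    _evt("222222222222", "copy-on-write", "orders-dev", "orders-dev-clone"),
]

if __name__ == "__main__":
    print(*find_production_clones(SAMPLE), sep="\n")
```

Findings with `cross_account` set to true are the segregated-account case; the full-copy restore and the clone of a non-production cluster are ignored.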