Severity: MEDIUM
Source: Trivy
ID: AVD-AWS-0075

Neptune logs export should be enabled

Neptune does not enable auditing by default. To be able to accurately audit how your Neptune cluster is used, enable export of the audit log to CloudWatch Logs.

Impact

Follow the appropriate remediation steps below to resolve the issue.

Enable export logs (CloudFormation)

Resources:
  GoodCluster:
    Type: AWS::Neptune::DBCluster
    Properties:
      EnableCloudwatchLogsExports:
        - audit

Enable export logs (Terraform)

resource "aws_neptune_cluster" "good_example" {
  cluster_identifier                  = "neptune-cluster-demo"
  engine                              = "neptune"
  backup_retention_period             = 5
  preferred_backup_window             = "07:00-09:00"
  skip_final_snapshot                 = true
  iam_database_authentication_enabled = true
  apply_immediately                   = true
  enable_cloudwatch_logs_exports      = ["audit"]
}
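The following is an added example, not Trivy's own implementation of this check: a small standard-library-only Python checker that applies the same rule as AVD-AWS-0075 to a CloudFormation template (JSON form, which CloudFormation also accepts) and to Terraform HCL. It reports every Neptune cluster whose log export list does not contain "audit", which covers both the missing property and a list that exports only other log types. The templates embedded in the block are constructed sample inputs, and the HCL handling is a deliberately minimal brace-matching scan rather than a full HCL parser.

```python
"""Flag Neptune clusters that do not export the audit log to CloudWatch.

Added example, not Trivy's own code. Mirrors the intent of AVD-AWS-0075
for CloudFormation (JSON form) and Terraform HCL using only the standard
library. All sample templates below are constructed for this example.
"""
import json
import re
from typing import List

# Constructed CloudFormation template: one compliant cluster, two that fail,
# and one unrelated resource that the check must ignore.
CFN_TEMPLATE = json.dumps({
    "Resources": {
        "GoodCluster": {
            "Type": "AWS::Neptune::DBCluster",
            "Properties": {"EnableCloudwatchLogsExports": ["audit"]},
        },
        "NoExportsCluster": {
            "Type": "AWS::Neptune::DBCluster",
            "Properties": {},
        },
        "WrongExportCluster": {
            "Type": "AWS::Neptune::DBCluster",
            "Properties": {"EnableCloudwatchLogsExports": ["slowquery"]},
        },
        "Unrelated": {"Type": "AWS::S3::Bucket", "Properties": {}},
    }
})

# Constructed Terraform input: the page's good example plus two failing clusters,
# one of which contains a nested block so brace matching is exercised.
TF_SAMPLE = '''
resource "aws_neptune_cluster" "good_example" {
  cluster_identifier             = "neptune-cluster-demo"
  engine                         = "neptune"
  enable_cloudwatch_logs_exports = ["audit"]
}

resource "aws_neptune_cluster" "missing_export" {
  cluster_identifier = "neptune-cluster-no-logs"
  tags = {
    Owner = "platform"
  }
}

resource "aws_neptune_cluster" "wrong_export" {
  cluster_identifier             = "neptune-cluster-slowquery"
  enable_cloudwatch_logs_exports = ["slowquery"]
}
'''


def check_cloudformation(template_text: str) -> List[str]:
    """Return logical IDs of Neptune clusters whose exports lack 'audit'."""
    template = json.loads(template_text)
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::Neptune::DBCluster":
            continue
        props = res.get("Properties") or {}
        exports = props.get("EnableCloudwatchLogsExports") or []
        if "audit" not in exports:
            findings.append(logical_id)
    return findings


_TF_BLOCK = re.compile(r'resource\s+"aws_neptune_cluster"\s+"([^"]+)"\s*\{')
_TF_EXPORTS = re.compile(r'enable_cloudwatch_logs_exports\s*=\s*\[([^\]]*)\]')


def _block_body(text: str, open_idx: int) -> str:
    """Return the text between the brace at open_idx and its matching close."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    return text[open_idx + 1:]  # unbalanced input: scan to end of file


def check_terraform(hcl_text: str) -> List[str]:
    """Return names of aws_neptune_cluster resources whose exports lack 'audit'."""
    findings = []
    for m in _TF_BLOCK.finditer(hcl_text):
        body = _block_body(hcl_text, m.end() - 1)  # m.end() - 1 is the '{'
        exports_match = _TF_EXPORTS.search(body)
        exports = re.findall(r'"([^"]*)"', exports_match.group(1)) if exports_match else []
        if "audit" not in exports:
            findings.append(m.group(1))
    return findings


if __name__ == "__main__":
    for name in check_cloudformation(CFN_TEMPLATE):
        print(f"AVD-AWS-0075 CloudFormation: {name} does not export the audit log")
    for name in check_terraform(TF_SAMPLE):
        print(f"AVD-AWS-0075 Terraform: {name} does not export the audit log")
```

The Terraform scan only recognises a literal list on the right-hand side of enable_cloudwatch_logs_exports; a value supplied through a variable or local would be reported as non-compliant, so treat such findings as a prompt to inspect the resolved value rather than as a definitive failure.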