Severity: HIGH
Source: Trivy
ID: AVD-AWS-0076

Neptune storage must be encrypted at rest

Encrypting Neptune storage ensures that if there is a compromise of the disks, the data is still protected.

Impact

Follow the appropriate remediation steps below to resolve the issue.

Enable encryption of Neptune storage (CloudFormation)

Resources:
  GoodCluster:
    Type: AWS::Neptune::DBCluster
    Properties:
      KmsKeyId: something
      StorageEncrypted: true

Enable encryption of Neptune storage (Terraform)

resource "aws_neptune_cluster" "good_example" {
  cluster_identifier                  = "neptune-cluster-demo"
  engine                              = "neptune"
  backup_retention_period             = 5
  preferred_backup_window             = "07:00-09:00"
  skip_final_snapshot                 = true
  iam_database_authentication_enabled = true
  apply_immediately                   = true
  storage_encrypted                   = true
  kms_key_arn                         = aws_kms_key.example.arn
}
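
A pre-deployment check for the same condition, as an added example (not Trivy's implementation of AVD-AWS-0076): it flags Neptune clusters without storage encryption in a Terraform plan exported with `terraform show -json` and in a CloudFormation template loaded as a dict. The function names and sample inputs are assumptions constructed for illustration.

```python
def _is_true(value):
    # CloudFormation JSON templates may carry booleans or the strings "true"/"false".
    return value is True or (isinstance(value, str) and value.lower() == "true")

def unencrypted_in_tf_plan(plan):
    """Addresses of aws_neptune_cluster resources lacking storage_encrypted = true."""
    findings = []
    def walk(module):
        for res in module.get("resources", []):
            values = res.get("values") or {}
            if (res.get("type") == "aws_neptune_cluster"
                    and values.get("storage_encrypted") is not True):
                findings.append(res["address"])
        for child in module.get("child_modules", []):  # clusters declared inside modules
            walk(child)
    walk(plan.get("planned_values", {}).get("root_module", {}))
    return findings

def unencrypted_in_cfn(template):
    """Logical IDs of AWS::Neptune::DBCluster resources lacking StorageEncrypted: true."""
    return [name for name, res in template.get("Resources", {}).items()
            if res.get("Type") == "AWS::Neptune::DBCluster"
            and not _is_true((res.get("Properties") or {}).get("StorageEncrypted"))]

# Constructed sample: shape of `terraform show -json` output, trimmed to the fields used.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "aws_neptune_cluster.good_example", "type": "aws_neptune_cluster",
         "values": {"storage_encrypted": True}},
        {"address": "aws_neptune_cluster.bad_example", "type": "aws_neptune_cluster",
         "values": {"storage_encrypted": False}},
    ],
    "child_modules": [{"address": "module.graph", "resources": [
        {"address": "module.graph.aws_neptune_cluster.this", "type": "aws_neptune_cluster",
         "values": {"cluster_identifier": "demo"}}]}],  # attribute absent: flagged
}}}

# Constructed sample CloudFormation template (already parsed from JSON or YAML).
SAMPLE_TEMPLATE = {"Resources": {
    "GoodCluster": {"Type": "AWS::Neptune::DBCluster",
                    "Properties": {"KmsKeyId": "something", "StorageEncrypted": True}},
    "StringTrue": {"Type": "AWS::Neptune::DBCluster",
                   "Properties": {"StorageEncrypted": "true"}},
    "BadCluster": {"Type": "AWS::Neptune::DBCluster", "Properties": {}},
    "NoProps": {"Type": "AWS::Neptune::DBCluster"},
    "Bucket": {"Type": "AWS::S3::Bucket"},
}}

if __name__ == "__main__":
    print("Terraform:", unencrypted_in_tf_plan(SAMPLE_PLAN))
    print("CloudFormation:", unencrypted_in_cfn(SAMPLE_TEMPLATE))
```

A `StorageEncrypted` value given as an intrinsic function (for example a `Ref` to a parameter) cannot be resolved statically, so this check reports it as a finding.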