Neptune storage must be encrypted at rest
Encryption of Neptune storage ensures that if there is a compromise of the disks, the data is still protected.
Impact
Unencrypted sensitive data is vulnerable to compromise.
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
Enable encryption of Neptune storage
```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Good example
Resources:
  Cluster:
    Type: AWS::Neptune::DBCluster
    Properties:
      # Encrypt the cluster storage at rest
      StorageEncrypted: true
      # Placeholder value: replace with the identifier of your KMS key
      KmsKeyId: "something"
```
Enable encryption of Neptune storage
```hcl
resource "aws_neptune_cluster" "good_example" {
  cluster_identifier                  = "neptune-cluster-demo"
  engine                              = "neptune"
  backup_retention_period             = 5
  preferred_backup_window             = "07:00-09:00"
  skip_final_snapshot                 = true
  iam_database_authentication_enabled = true
  apply_immediately                   = true

  # Encrypt the cluster storage at rest
  storage_encrypted = true
  # aws_kms_key.example is expected to be defined elsewhere in the configuration
  kms_key_arn = aws_kms_key.example.arn
}
```
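A pre-deployment check for this rule, as an added example that is not part of the original page or of any scanner's own code: it flags Neptune clusters without encryption at rest in a CloudFormation template (JSON form, loaded into a dict) and in `terraform show -json` plan output. The function names and the sample data are constructed for illustration.

```python
# Added example: sample data below is constructed, not taken from a real deployment.

def cfn_unencrypted(template):
    """Logical IDs of AWS::Neptune::DBCluster resources not encrypted at rest."""
    bad = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::Neptune::DBCluster":
            continue
        value = (res.get("Properties") or {}).get("StorageEncrypted", False)
        # A missing property counts as unencrypted. Booleans may arrive as
        # strings ("true"); an unresolved intrinsic such as {"Ref": ...} is
        # flagged so that someone checks the parameter behind it.
        if str(value).lower() != "true":
            bad.append(name)
    return bad

def _walk(module):
    """Yield resources from a plan module and all nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from _walk(child)

def tf_unencrypted(plan):
    """Addresses of aws_neptune_cluster resources without storage_encrypted = true."""
    root = plan.get("planned_values", {}).get("root_module", {})
    return [r["address"] for r in _walk(root)
            if r.get("type") == "aws_neptune_cluster"
            and (r.get("values") or {}).get("storage_encrypted") is not True]

NEPTUNE = "AWS::Neptune::DBCluster"
CFN_SAMPLE = {"Resources": {  # constructed template
    "Good": {"Type": NEPTUNE, "Properties": {"StorageEncrypted": True, "KmsKeyId": "placeholder-key-id"}},
    "GoodString": {"Type": NEPTUNE, "Properties": {"StorageEncrypted": "true"}},
    "Missing": {"Type": NEPTUNE},
    "Explicit": {"Type": NEPTUNE, "Properties": {"StorageEncrypted": False}},
    "Bucket": {"Type": "AWS::S3::Bucket"},
}}
TF_SAMPLE = {"planned_values": {"root_module": {  # constructed plan excerpt
    "resources": [{"address": "aws_neptune_cluster.good_example",
                   "type": "aws_neptune_cluster", "values": {"storage_encrypted": True}}],
    "child_modules": [{"resources": [{"address": "module.graph.aws_neptune_cluster.bad",
                                      "type": "aws_neptune_cluster", "values": {"storage_encrypted": False}}]}],
}}}

if __name__ == "__main__":
    print("CloudFormation:", cfn_unencrypted(CFN_SAMPLE))
    print("Terraform plan:", tf_unencrypted(TF_SAMPLE))
```

A YAML template needs a loader that understands CloudFormation's short-form intrinsics before it can be passed to `cfn_unencrypted`.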