HIGH
Source
Trivy
ID
AVD-AWS-0076

Neptune storage must be encrypted at rest

Encryption of Neptune storage ensures that if there is a compromise of the underlying disks, the data on them is still protected.

Impact

Unencrypted sensitive data is vulnerable to compromise.

Follow the appropriate remediation steps below to resolve the issue.

Enable encryption of Neptune storage (CloudFormation)

AWSTemplateFormatVersion: 2010-09-09
Description: Good example
Resources:
  Cluster:
    Type: AWS::Neptune::DBCluster
    Properties:
      StorageEncrypted: true
      KmsKeyId: "something"
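To see what this check actually evaluates, here is an added example (not part of the AVD page or Trivy's own Rego check) that applies the AVD-AWS-0076 rule to a CloudFormation template in its JSON form: every `AWS::Neptune::DBCluster` must carry `StorageEncrypted: true`, and an absent flag, an explicit `false`, or an intrinsic function that cannot be resolved statically is reported. The sample template, its logical IDs and the key-ID placeholder are constructed for the example.

```python
import json

NEPTUNE_CLUSTER = "AWS::Neptune::DBCluster"


def storage_encrypted_findings(template: dict) -> list:
    """Return (logical_id, reason) for each Neptune DBCluster whose storage is
    not provably encrypted at rest: flag absent, false, or an unresolved intrinsic."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != NEPTUNE_CLUSTER:
            continue
        value = res.get("Properties", {}).get("StorageEncrypted")
        if value is None:
            # Neptune defaults to unencrypted storage when the flag is omitted.
            findings.append((logical_id, "StorageEncrypted not set (defaults to unencrypted)"))
        elif isinstance(value, dict):
            # e.g. {"Ref": "EncryptParam"}: value is only known at deploy time, so report for review.
            findings.append((logical_id, f"StorageEncrypted is an unresolved intrinsic: {value}"))
        elif str(value).lower() != "true":
            # CloudFormation accepts booleans as true/false or "true"/"false" strings.
            findings.append((logical_id, f"StorageEncrypted is {value!r}"))
    return findings


def scan_template_text(text: str) -> list:
    """Parse a JSON CloudFormation template and run the check over it."""
    return storage_encrypted_findings(json.loads(text))


# Constructed sample template: two compliant clusters, two non-compliant, one unrelated resource.
SAMPLE_TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "GoodCluster": {"Type": NEPTUNE_CLUSTER,
                        "Properties": {"StorageEncrypted": True, "KmsKeyId": "EXAMPLE-KEY-ID-PLACEHOLDER"}},
        "GoodAsString": {"Type": NEPTUNE_CLUSTER, "Properties": {"StorageEncrypted": "true"}},
        "MissingFlag": {"Type": NEPTUNE_CLUSTER, "Properties": {"DBClusterIdentifier": "demo"}},
        "ExplicitFalse": {"Type": NEPTUNE_CLUSTER, "Properties": {"StorageEncrypted": False}},
        "Unrelated": {"Type": "AWS::S3::Bucket"},
    },
}

if __name__ == "__main__":
    for logical_id, reason in scan_template_text(json.dumps(SAMPLE_TEMPLATE)):
        print(f"AVD-AWS-0076 HIGH {logical_id}: {reason}")
```

Neptune storage encryption is fixed at cluster creation, so a finding against an already-deployed cluster means a snapshot-and-restore migration to an encrypted cluster, not just a template edit.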


Enable encryption of Neptune storage (Terraform)

resource "aws_neptune_cluster" "good_example" {
  cluster_identifier                  = "neptune-cluster-demo"
  engine                              = "neptune"
  backup_retention_period             = 5
  preferred_backup_window             = "07:00-09:00"
  skip_final_snapshot                 = true
  iam_database_authentication_enabled = true
  apply_immediately                   = true
  storage_encrypted                   = true
  kms_key_arn                         = aws_kms_key.example.arn
}