Severity: HIGH
Source: Trivy
ID: AVD-AWS-0076

Neptune storage must be encrypted at rest

Encryption of Neptune storage ensures that if there is a compromise of the disks, the data is still protected.

Impact

Unencrypted sensitive data is vulnerable to compromise.

Follow the appropriate remediation steps below to resolve the issue.

Enable encryption of Neptune storage

---
AWSTemplateFormatVersion: "2010-09-09"
Description: Good example
Resources:
  Cluster:
    Type: AWS::Neptune::DBCluster
    Properties:
      StorageEncrypted: true
      KmsKeyId: "something"  # placeholder: use the ID, ARN or alias of your own KMS key

Enable encryption of Neptune storage

resource "aws_neptune_cluster" "good_example" {
  cluster_identifier                  = "neptune-cluster-demo"
  engine                              = "neptune"
  backup_retention_period             = 5
  preferred_backup_window             = "07:00-09:00"
  skip_final_snapshot                 = true
  iam_database_authentication_enabled = true
  apply_immediately                   = true
  storage_encrypted                   = true
}
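A static check over a CloudFormation template that reports what this rule reports, added here as an example; it is not part of the Trivy rule or its documentation. The function name, the sample template and the `EncryptParam` parameter name are constructed for the example, and only JSON-form templates are handled.

```python
import json

NEPTUNE_CLUSTER = "AWS::Neptune::DBCluster"


def check_neptune_encryption(template_text: str) -> dict[str, str]:
    """Map each non-compliant AWS::Neptune::DBCluster logical ID to a reason.

    Mirrors what AVD-AWS-0076 looks for: StorageEncrypted must resolve to
    true. Reasons are "missing" (property absent), "false" (explicitly
    disabled) or "unresolved" (an intrinsic such as Ref/Fn::If that a static
    check cannot evaluate, so it is flagged for manual review).
    """
    template = json.loads(template_text)
    findings: dict[str, str] = {}
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != NEPTUNE_CLUSTER:
            continue
        props = resource.get("Properties") or {}
        if "StorageEncrypted" not in props:
            findings[logical_id] = "missing"
            continue
        value = props["StorageEncrypted"]
        # CloudFormation accepts booleans and the strings "true"/"false".
        if isinstance(value, str):
            value = value.strip().lower() == "true"
        if isinstance(value, bool):
            if not value:
                findings[logical_id] = "false"
        else:
            findings[logical_id] = "unresolved"
    return findings


# Constructed sample template: one compliant cluster, three that must be
# flagged, and one non-Neptune resource that the check must ignore.
SAMPLE_TEMPLATE = json.dumps({
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "GoodCluster": {"Type": NEPTUNE_CLUSTER,
                        "Properties": {"StorageEncrypted": "true", "KmsKeyId": "alias/example-key"}},
        "NoProperty": {"Type": NEPTUNE_CLUSTER, "Properties": {"DBClusterIdentifier": "demo"}},
        "Disabled": {"Type": NEPTUNE_CLUSTER, "Properties": {"StorageEncrypted": False}},
        "Conditional": {"Type": NEPTUNE_CLUSTER, "Properties": {"StorageEncrypted": {"Ref": "EncryptParam"}}},
        "NotNeptune": {"Type": "AWS::S3::Bucket", "Properties": {}},
    },
})

if __name__ == "__main__":
    for logical_id, reason in check_neptune_encryption(SAMPLE_TEMPLATE).items():
        print(f"{logical_id}: StorageEncrypted {reason}")
```

Neptune storage encryption can only be set when a cluster is created, so an existing unencrypted cluster is remediated by restoring a snapshot into a new cluster with encryption enabled rather than by changing the property in place.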