turbot/aws_compliance

Control: 3 Neptune DB cluster snapshots should not be public

Description

This control checks whether a Neptune manual DB cluster snapshot is public. The control fails if a Neptune manual DB cluster snapshot is public.

A Neptune DB cluster manual snapshot should not be public unless intended. If you share an unencrypted manual snapshot as public, the snapshot is available to all AWS accounts. Public snapshots may result in unintended data exposure.

Remediation

To remove public access for Neptune manual DB cluster snapshots, see Sharing a DB cluster snapshot in the Neptune User Guide.
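The public/not-public decision described above, as an added example (not the mod's named query or Turbot's code): a snapshot is public when its `restore` attribute contains the value `all`. The snapshot identifiers, account ID and helper names are constructed for illustration, and the dictionaries mirror the response shape of `aws neptune describe-db-cluster-snapshot-attributes`.

```python
# Constructed sample data shaped like responses from
# `aws neptune describe-db-cluster-snapshot-attributes` (one per snapshot).
def _resp(snap_id, accounts):
    return {"DBClusterSnapshotAttributesResult": {
        "DBClusterSnapshotIdentifier": snap_id,
        "DBClusterSnapshotAttributes": [
            {"AttributeName": "restore", "AttributeValues": accounts}]}}

SAMPLE_RESPONSES = [
    _resp("example-snap-public", ["all"]),           # shared with every AWS account
    _resp("example-snap-shared", ["111122223333"]),  # shared with one account only
    _resp("example-snap-private", []),               # not shared
]


def evaluate(response):
    """Return (snapshot_id, status, reason); status is 'alarm' or 'ok'."""
    result = response["DBClusterSnapshotAttributesResult"]
    snap_id = result["DBClusterSnapshotIdentifier"]
    restore_accounts = set()
    for attr in result.get("DBClusterSnapshotAttributes") or []:
        if attr.get("AttributeName") == "restore":
            restore_accounts.update(attr.get("AttributeValues") or [])
    if "all" in restore_accounts:
        return snap_id, "alarm", "publicly restorable"
    if restore_accounts:
        return snap_id, "ok", f"shared with {len(restore_accounts)} account(s), not public"
    return snap_id, "ok", "private"


def remediation_command(snap_id):
    """AWS CLI call that removes the public ('all') restore permission."""
    return ("aws neptune modify-db-cluster-snapshot-attribute "
            f"--db-cluster-snapshot-identifier {snap_id} "
            "--attribute-name restore --values-to-remove all")


def run(responses):
    """Evaluate every response, print a report, and return the findings."""
    findings = [evaluate(r) for r in responses]
    for snap_id, status, reason in findings:
        print(f"{status:5} {snap_id}: {reason}")
        if status == "alarm":
            print("      fix:", remediation_command(snap_id))
    return findings


if __name__ == "__main__":
    run(SAMPLE_RESPONSES)
```

Sharing with specific account IDs passes this check; only the `all` value makes a snapshot public.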

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.foundational_security_neptune_3

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.foundational_security_neptune_3 --share

SQL

This control uses a named query:

neptune_db_cluster_snapshot_prohibit_public_access
