lacework-global-367

Neptune DB cluster snapshots should not be public (Automated)

Description

This policy checks for Neptune manual DB cluster snapshots that are shared publicly. A manual DB cluster snapshot should not be public unless that is explicitly intended. When an unencrypted manual snapshot is shared as public, every AWS account can copy it or restore a cluster from it, which exposes all graph data the snapshot contains. Only unencrypted manual snapshots can be made public: encrypted snapshots cannot be shared publicly, and automated snapshots cannot be shared at all (they must first be copied to a manual snapshot). Public snapshots may result in unintended data exposure.

Remediation

From Console:

  1. Sign in to the AWS Management Console and open the Neptune console at https://console.aws.amazon.com/neptune.
  2. In the navigation pane, click Snapshots.
  3. Click the name of the public manual snapshot.
  4. Under Actions, select Share snapshot.
  5. Under DB cluster snapshot visibility, select Private. Any AWS account IDs the snapshot is explicitly shared with are unaffected; remove them here as well if that sharing is not intended.
  6. Click Save.

From CLI:

aws neptune modify-db-cluster-snapshot-attribute --db-cluster-snapshot-identifier <snapshot_identifier> --attribute-name restore --values-to-remove all
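The following is an added example, not Lacework's or AWS's own code. It scripts the same check and fix the console and CLI steps above perform: a snapshot is public when the "restore" attribute returned by describe-db-cluster-snapshot-attributes contains the value "all", and removing that value with modify-db-cluster-snapshot-attribute makes the snapshot private while leaving explicitly shared account IDs in place. The FakeNeptuneClient class, the snapshot identifiers and the sample account ID are constructed so the script runs offline; the same functions work unchanged against a real boto3.client("neptune").

```python
"""Find publicly shared Neptune manual DB cluster snapshots and make them private.

Hypothetical example code. FakeNeptuneClient and SAMPLE_SNAPSHOTS are constructed
stand-ins; with boto3 installed, pass boto3.client("neptune") instead.
"""
from typing import Dict, List, Optional


def restore_values(attr_response: dict) -> List[str]:
    """Return the 'restore' attribute values: account IDs and/or the marker 'all'."""
    result = attr_response["DBClusterSnapshotAttributesResult"]
    for attr in result.get("DBClusterSnapshotAttributes", []):
        if attr.get("AttributeName") == "restore":
            return list(attr.get("AttributeValues", []))
    return []


def is_public(attr_response: dict) -> bool:
    """A snapshot is public when its restore attribute contains the literal 'all'."""
    return "all" in restore_values(attr_response)


def explicitly_shared_accounts(attr_response: dict) -> List[str]:
    """Account IDs the snapshot is shared with, ignoring the public marker."""
    return [v for v in restore_values(attr_response) if v != "all"]


class FakeNeptuneClient:
    """Constructed stand-in for the boto3 neptune client (only the calls used here).
    Unlike the real client it does not paginate; a real scan should use
    client.get_paginator('describe_db_cluster_snapshots')."""

    def __init__(self, snapshots: Dict[str, Dict[str, object]]):
        # snapshot id -> {"type": "manual" | "automated", "restore": [values]}
        self._snapshots = {k: dict(v, restore=list(v["restore"])) for k, v in snapshots.items()}
        self.calls: List[tuple] = []  # records every modify call for inspection

    def describe_db_cluster_snapshots(self, SnapshotType: Optional[str] = None) -> dict:
        rows = [{"DBClusterSnapshotIdentifier": sid, "SnapshotType": s["type"]}
                for sid, s in self._snapshots.items()
                if SnapshotType is None or s["type"] == SnapshotType]
        return {"DBClusterSnapshots": rows}

    def describe_db_cluster_snapshot_attributes(self, DBClusterSnapshotIdentifier: str) -> dict:
        s = self._snapshots[DBClusterSnapshotIdentifier]
        return {"DBClusterSnapshotAttributesResult": {
            "DBClusterSnapshotIdentifier": DBClusterSnapshotIdentifier,
            "DBClusterSnapshotAttributes": [
                {"AttributeName": "restore", "AttributeValues": list(s["restore"])}]}}

    def modify_db_cluster_snapshot_attribute(self, DBClusterSnapshotIdentifier: str,
                                             AttributeName: str, ValuesToAdd=None,
                                             ValuesToRemove=None) -> dict:
        self.calls.append((DBClusterSnapshotIdentifier, AttributeName,
                           tuple(ValuesToAdd or ()), tuple(ValuesToRemove or ())))
        s = self._snapshots[DBClusterSnapshotIdentifier]
        s["restore"] = [v for v in s["restore"] if v not in (ValuesToRemove or [])]
        s["restore"] += list(ValuesToAdd or [])
        return self.describe_db_cluster_snapshot_attributes(DBClusterSnapshotIdentifier)


def find_public_snapshots(client) -> List[str]:
    """Identifiers of manual snapshots whose restore attribute contains 'all'.
    Only manual snapshots can be shared, so automated ones are not inspected."""
    public = []
    for snap in client.describe_db_cluster_snapshots(SnapshotType="manual")["DBClusterSnapshots"]:
        sid = snap["DBClusterSnapshotIdentifier"]
        if is_public(client.describe_db_cluster_snapshot_attributes(DBClusterSnapshotIdentifier=sid)):
            public.append(sid)
    return public


def make_private(client, snapshot_id: str) -> dict:
    """Remove the public marker (the CLI remediation above) and re-check the result."""
    before = client.describe_db_cluster_snapshot_attributes(DBClusterSnapshotIdentifier=snapshot_id)
    if not is_public(before):
        return {"snapshot": snapshot_id, "changed": False,
                "shared_with": explicitly_shared_accounts(before)}
    after = client.modify_db_cluster_snapshot_attribute(
        DBClusterSnapshotIdentifier=snapshot_id, AttributeName="restore", ValuesToRemove=["all"])
    return {"snapshot": snapshot_id, "changed": True, "still_public": is_public(after),
            "shared_with": explicitly_shared_accounts(after)}


# Constructed inventory: a public manual snapshot that is also shared with one
# account, a private manual snapshot, and an automated snapshot.
SAMPLE_SNAPSHOTS = {
    "graph-prod-manual-2024-05-01": {"type": "manual", "restore": ["all", "111122223333"]},
    "graph-prod-manual-2024-04-01": {"type": "manual", "restore": ["111122223333"]},
    "rds:graph-prod-2024-05-02-03-00": {"type": "automated", "restore": []},
}


if __name__ == "__main__":
    client = FakeNeptuneClient(SAMPLE_SNAPSHOTS)
    for sid in find_public_snapshots(client):
        print(make_private(client, sid))
```

Note what the remediation does not do: removing "all" only withdraws public access. The snapshot stays shared with any account IDs still listed in the restore attribute (the example reports them as shared_with), so review that list separately. To verify a fix by hand, run `aws neptune describe-db-cluster-snapshot-attributes --db-cluster-snapshot-identifier <snapshot_identifier>` and confirm that "all" no longer appears under AttributeValues.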

References

https://docs.aws.amazon.com/neptune/latest/userguide/backup-restore-share-snapshot.html
https://docs.aws.amazon.com/securityhub/latest/userguide/neptune-controls.html#neptune-3