Neptune Cluster Should Have Copy Tags For Snapshots Enabled
More Info:
Checks if an Amazon Neptune cluster is configured to copy all tags to snapshots when the snapshots are created. The rule is NON_COMPLIANT if ‘copyTagsToSnapshot’ is set to false.
Risk Level: Medium
Address: Configuration
Compliance Standards: CBP
Triage and Remediation
Remediation
To remediate the misconfiguration of Neptune Cluster not having copy tags for snapshots enabled in AWS RDS using the AWS Management Console, follow these step-by-step instructions:
- Sign in to the AWS Management Console: Go to https://aws.amazon.com/ and sign in to the AWS Management Console using your credentials.
- Navigate to the Amazon Neptune Console: Click on the “Services” dropdown at the top left corner of the AWS Management Console, then select “Neptune” under the Database category.
- Select the Neptune Cluster: From the list of Neptune clusters, click on the name of the cluster that needs to have copy tags for snapshots enabled.
- Enable Copy Tags for Snapshots:
  - In the Neptune Cluster dashboard, click on the “Snapshots” tab in the navigation pane on the left.
  - Click on the “Modify” button at the top of the page to modify the cluster settings.
  - In the Modify cluster page, scroll down to the “Backup” section.
  - Look for the option “Copy tags to snapshots” and check the box to enable this feature.
  - Click on the “Apply immediately” checkbox if you want the changes to take effect immediately.
  - Click on the “Modify Cluster” button to save the changes.
- Verify Configuration:
  - Once the modification is complete, go back to the Neptune Cluster dashboard.
  - Click on the “Snapshots” tab again and select an existing snapshot or create a new one.
  - Verify that the tags from the Neptune Cluster are copied to the snapshot.
By following these steps, you have successfully enabled copy tags for snapshots for the Neptune Cluster in AWS RDS using the AWS Management Console.
To remediate the misconfiguration of Neptune Cluster not having Copy Tags For Snapshots enabled in AWS RDS using AWS CLI, you can follow these steps:
- Identify the Neptune Cluster: First, you need to identify the Neptune Cluster for which you want to enable the Copy Tags For Snapshots option. You can do this by running the following AWS CLI command:
    aws neptune describe-db-clusters --db-cluster-identifier YOUR_CLUSTER_IDENTIFIER
- Enable Copy Tags For Snapshots: Once you have identified the Neptune Cluster, you can enable the Copy Tags For Snapshots option by running the following AWS CLI command:
    aws neptune modify-db-cluster --db-cluster-identifier YOUR_CLUSTER_IDENTIFIER --copy-tags-to-snapshot
- Verify the Configuration: To verify that the Copy Tags For Snapshots option has been successfully enabled for the Neptune Cluster, you can run the following AWS CLI command and check that “CopyTagsToSnapshot” is true in the output:
    aws neptune describe-db-clusters --db-cluster-identifier YOUR_CLUSTER_IDENTIFIER
By following these steps and using the AWS CLI commands provided, you can successfully remediate the misconfiguration of Neptune Cluster not having Copy Tags For Snapshots enabled in AWS RDS.
To remediate the misconfiguration of Neptune Cluster not having Copy Tags for Snapshots enabled in AWS RDS using Python, you can follow these steps:
- Install the AWS SDK for Python (Boto3) if you haven’t already. You can install it using pip:
    pip install boto3
- Use the following Python script to enable the “Copy Tags for Snapshots” attribute for your Neptune Cluster:
    import boto3

    # Initialize the RDS client
    client = boto3.client('rds')

    # Specify the name of your Neptune Cluster
    neptune_cluster_identifier = 'your-neptune-cluster-identifier'

    # Enable the Copy Tags for Snapshots attribute
    response = client.modify_db_cluster(
        DBClusterIdentifier=neptune_cluster_identifier,
        CopyTagsToSnapshot=True
    )
    print('Copy Tags for Snapshots attribute has been enabled for the Neptune Cluster.')
- Replace 'your-neptune-cluster-identifier' with the actual identifier of your Neptune Cluster.
- Run the Python script. After successful execution, the “Copy Tags for Snapshots” attribute will be enabled for your Neptune Cluster.
By following these steps, you can remediate the misconfiguration of Neptune Cluster not having Copy Tags for Snapshots enabled in AWS RDS using Python.
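The script above changes one cluster that is named in advance. The following added example (not part of the original page or of any AWS tooling) goes further and checks every Neptune cluster in the region, enabling the setting only when run with the hypothetical --apply argument. The function names, the --apply argument and the dry-run default are assumptions of this example.

```python
"""Audit all Neptune clusters in a region; enable CopyTagsToSnapshot where it is off."""
import sys


def find_noncompliant(client):
    """Return identifiers of Neptune clusters whose CopyTagsToSnapshot is not true."""
    flagged, kwargs = [], {}
    while True:
        page = client.describe_db_clusters(**kwargs)
        for cluster in page.get("DBClusters", []):
            # The shared RDS API can return clusters of other engines; keep Neptune only.
            if cluster.get("Engine") != "neptune":
                continue
            # A missing field is treated the same as false (non-compliant).
            if not cluster.get("CopyTagsToSnapshot", False):
                flagged.append(cluster["DBClusterIdentifier"])
        marker = page.get("Marker")  # present only when more results remain
        if not marker:
            return flagged
        kwargs = {"Marker": marker}


def remediate(client, dry_run=True):
    """Enable the setting on each flagged cluster; return {identifier: outcome}."""
    results = {}
    for cluster_id in find_noncompliant(client):
        if dry_run:
            results[cluster_id] = "would-enable"
            continue
        try:
            client.modify_db_cluster(
                DBClusterIdentifier=cluster_id, CopyTagsToSnapshot=True
            )
            results[cluster_id] = "enabled"
        except Exception as exc:  # one failing cluster must not stop the rest
            results[cluster_id] = f"failed: {exc}"
    return results


if __name__ == "__main__":
    import boto3  # imported here so the functions above can be exercised offline

    apply_changes = "--apply" in sys.argv[1:]  # hypothetical flag of this example
    outcomes = remediate(boto3.client("rds"), dry_run=not apply_changes)
    for cluster_id, outcome in outcomes.items():
        print(f"{cluster_id}: {outcome}")
```

Run it without arguments first to review the list of clusters it would change, then again with --apply.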