Neptune DB Cluster Should Have Deletion Protection Enabled
More Info:
Checks if an Amazon Neptune DB cluster has deletion protection enabled. The rule is NON_COMPLIANT if an Amazon Neptune cluster has the deletionProtection field set to false.Risk Level
HighAddress
ConfigurationCompliance Standards
NIST,CBPTriage and Remediation
Remediation
Using Console
Using Console
To remediate the misconfiguration of Neptune DB Cluster not having deletion protection enabled in AWS RDS, you can follow these step-by-step instructions using the AWS Management Console:
- Login to AWS Console: Go to the AWS Management Console (https://aws.amazon.com/console/) and login with your credentials.
- Navigate to Amazon Neptune Service: Click on the “Services” dropdown in the top-left corner of the console, then select “Neptune” under the Database category.
- Select the DB Cluster: From the list of Neptune DB Clusters, select the DB Cluster for which you want to enable deletion protection.
- Modify DB Cluster: In the DB Cluster details page, click on the “Actions” dropdown button and select “Modify”.
- Enable Deletion Protection: Scroll down to the “Additional configuration” section in the Modify DB Cluster page. Locate the “Deletion protection” option and check the box to enable deletion protection for the DB Cluster.
- Review and Apply Changes: Review the other configuration settings to ensure they are correct. Once you have verified the changes, click on the “Modify cluster” button to apply the changes.
- Monitor the Modification: The modification process may take a few minutes to complete. You can monitor the progress on the DB Cluster details page.
Using CLI
Using CLI
To remediate the misconfiguration of Neptune DB Cluster not having deletion protection enabled in AWS RDS using AWS CLI, follow these steps:
-
Install and Configure AWS CLI:
- If you haven’t already, install the AWS CLI by following the instructions in the AWS documentation (https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html).
- Configure the AWS CLI with your AWS credentials by running
aws configureand providing your Access Key ID, Secret Access Key, region, and output format.
-
Enable Deletion Protection for Neptune DB Cluster:
- Run the following AWS CLI command to enable deletion protection for your Neptune DB Cluster:
Replace
<your-db-cluster-identifier>with the actual identifier of your Neptune DB Cluster.
- Run the following AWS CLI command to enable deletion protection for your Neptune DB Cluster:
-
Verify Deletion Protection Status:
- To verify that deletion protection has been successfully enabled for your Neptune DB Cluster, you can describe the cluster using the following command:
This command will return the identifier of the DB Cluster and its deletion protection status.
- To verify that deletion protection has been successfully enabled for your Neptune DB Cluster, you can describe the cluster using the following command:
-
Ensure Deletion Protection Persists:
- It is recommended to periodically check the deletion protection status of your Neptune DB Cluster to ensure that it persists over time. You can use the same describe command mentioned in step 3 for this purpose.
Using Python
Using Python
To remediate the misconfiguration of Neptune DB Cluster not having deletion protection enabled in AWS RDS using Python, you can follow these steps:
- Import the necessary libraries:
- Initialize the AWS RDS client:
- Get a list of all Neptune DB Clusters:
- Iterate through each DB Cluster and enable deletion protection if it is not already enabled:
- Run the Python script to enable deletion protection for all Neptune DB Clusters in your AWS RDS.