Neptune DB Clusters Storage Encryption Should Be Enabled
More Info:
This rule checks if storage encryption is enabled for your Amazon Neptune DB clusters. The rule is NON_COMPLIANT if storage encryption is not enabled.Risk Level
MediumAddress
SecurityCompliance Standards
SOC2,NIST,GDPR,ISO27001,HIPAA,HITRUST,NISTCSF,PCIDSS,SEBITriage and Remediation
Remediation
Using Console
Using Console
To remediate the misconfiguration of Neptune DB Clusters Storage Encryption not being enabled in AWS RDS, you can follow these step-by-step instructions using the AWS Management Console:
- Login to AWS Console: Go to the AWS Management Console (https://aws.amazon.com/) and login to your account.
- Navigate to Amazon Neptune: In the AWS Management Console, navigate to the Amazon Neptune service by either searching for it in the search bar or locating it under the “Database” category.
- Select the Neptune DB Cluster: From the list of Neptune DB clusters, select the DB cluster for which you want to enable storage encryption.
- Enable Encryption: In the Neptune DB cluster details page, click on the “Configuration” tab.
- Modify Cluster: Under the “Cluster details” section, click on the “Modify” button to change the configuration settings.
- Enable Encryption at Rest: Scroll down to the “Storage” section, and look for the “Storage encryption” option. Check the box next to “Enable storage encryption” to enable encryption at rest for your Neptune DB cluster.
- Choose Encryption Key: If you have an existing AWS Key Management Service (KMS) key that you want to use for encryption, you can select it from the dropdown list. Otherwise, you can choose to create a new KMS key.
- Save Changes: After enabling storage encryption and selecting the encryption key, scroll to the bottom of the page and click on the “Modify cluster” button to apply the changes.
- Monitor Progress: The modification process may take some time to complete. You can monitor the progress in the “Modifications” tab of the Neptune DB cluster details page.
- Verification: Once the modification is completed, verify that storage encryption is enabled for your Neptune DB cluster by checking the “Cluster details” section in the Neptune console.
Using CLI
Using CLI
To remediate the misconfiguration of Neptune DB Clusters storage encryption not being enabled in AWS RDS using AWS CLI, follow these steps:
-
Enable Encryption at Rest for Neptune DB Cluster:
- Run the following AWS CLI command to enable storage encryption for the Neptune DB cluster:
Replace
YOUR_DB_CLUSTER_IDENTIFIERwith the actual identifier of your Neptune DB cluster.
- Run the following AWS CLI command to enable storage encryption for the Neptune DB cluster:
-
Verify Encryption Status:
- You can verify that encryption at rest is enabled for the Neptune DB cluster by describing the cluster:
Ensure that the output shows
"StorageEncrypted": true.
- You can verify that encryption at rest is enabled for the Neptune DB cluster by describing the cluster:
-
Update IAM Policies (if needed):
- If the AWS Identity and Access Management (IAM) policies need to be updated to reflect the changes in encryption settings, make sure to update them accordingly.
-
Monitor Encryption Status:
- Regularly monitor the encryption status of your Neptune DB cluster to ensure that encryption at rest remains enabled.
Using Python
Using Python
To remediate the misconfiguration of Neptune DB Clusters Storage Encryption not being enabled in AWS RDS using Python, you can follow these steps:
- Import the necessary libraries:
- Initialize the AWS RDS client:
- Get a list of all Neptune DB clusters:
- Iterate through each Neptune DB cluster and enable storage encryption if it is not already enabled:
- Save the Python script and run it in your AWS environment with appropriate IAM permissions to modify RDS clusters.