Neptune DB Cluster Snapshot Should Not Be Public
More Info:
Checks if an Amazon Neptune manual DB cluster snapshot is public. The rule is NON_COMPLIANT if any existing and new Neptune cluster snapshot is public.Risk Level
MediumAddress
SecurityCompliance Standards
CBP,SEBITriage and Remediation
Remediation
Using Console
Using Console
Follow these steps to remediate the issue of public Neptune DB Cluster Snapshots using the AWS Console:
- Login to AWS Console: Access the AWS Management Console with your credentials.
- Navigate to Amazon Neptune: In the top navigation bar, click Services and search for “Neptune”. Select it from the list.
- Select Your Neptune DB Cluster: In the Amazon Neptune dashboard, find and click on your specific Neptune DB cluster to view its details.
- View Snapshots: In the left-hand menu, click Snapshots to view all available snapshots associated with your DB cluster.
- Locate Public Snapshots: Check the Public column for any snapshots marked as “public”.
- Modify Snapshot Permissions: Select the checkbox next to the public snapshot and click Modify Snapshot Permissions at the top.
- Disable Public Access: In the permissions dialog, ensure the “Allow public access” option is unchecked. This will restrict external access to the snapshot.
- Apply Changes: Click Save Changes to apply the updated permissions.
- Confirm: Once changes are applied, verify that the snapshot is no longer publicly accessible by checking the Public column again.
Using CLI
Using CLI
Follow these steps to modify the snapshot permissions using AWS CLI:Replace
- List Public Snapshots: Run the following AWS CLI command to identify any public Neptune DB cluster snapshots:
- Update Snapshot Permissions: Modify the snapshot’s attributes to disable public access using the following command:
<snapshot-identifier> with the actual ID of the public snapshot you wish to modify.- Verify Changes: Run the
describe-db-cluster-snapshotscommand again to ensure that the snapshot is no longer public:
Using Python
Using Python
To remediate the issue of public Neptune DB Cluster Snapshots programmatically using Python, follow these steps:
- Identify Public Snapshots: Use the AWS SDK for Python (Boto3) to identify any public Neptune DB cluster snapshots:
- Modify Snapshot Permissions: For each identified public snapshot, modify its permissions to remove public access:
- Re-Verify: After making the changes, re-run the script to confirm that no public snapshots remain: