Ensure IAM database authentication has been enabled for AWS Neptune cluster

MEDIUM

Description

Enabling IAM database authentication for an AWS Neptune cluster lets database connections be authenticated with AWS IAM identities and policies instead of database-local credentials. This gives the cluster centralized user management, least-privilege access control, and integration with other AWS security features such as credential rotation and access logging. Using this feature can also help meet regulatory and compliance requirements and aligns the deployment with industry best practices.

Remediation

In AWS Console -

  1. Sign in to the AWS Console and go to the Amazon Neptune console.
  2. In the navigation pane, select Clusters.
  3. Choose the Neptune DB cluster that you want to modify, and select Modify.
  4. In the Database options section, under IAM DB Authentication, check the box for Enable IAM DB authorization and select Continue.
  5. To apply the changes immediately, select Apply immediately (Note: using this option will result in downtime).
  6. Select Modify cluster.

In Terraform -

  1. In the aws_neptune_cluster resource, set the iam_database_authentication_enabled field to true.
  2. If you wish for this change to apply immediately, set apply_immediately to true.
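The Terraform steps above, shown as a complete resource, as an added example that is not part of the original policy text or a project's own code. The non-compliant block leaves `iam_database_authentication_enabled` at its default (`false`); the compliant block sets it to `true` and opts into `apply_immediately`, which the console steps note causes downtime. The cluster identifiers, subnet group, and `skip_final_snapshot` setting are assumed placeholder values.

```hcl
# Non-compliant: IAM database authentication is not enabled (defaults to false),
# so the cluster accepts connections without IAM-based authentication.
resource "aws_neptune_cluster" "noncompliant" {
  cluster_identifier   = "neptune-cluster-noncompliant" # assumed placeholder
  engine               = "neptune"
  skip_final_snapshot  = true                           # assumed for a lab cluster
  # iam_database_authentication_enabled is omitted -> false
}

# Compliant: IAM database authentication is enabled, satisfying AC_AWS_0183.
resource "aws_neptune_cluster" "compliant" {
  cluster_identifier                  = "neptune-cluster-compliant" # assumed placeholder
  engine                              = "neptune"
  skip_final_snapshot                 = true                        # assumed for a lab cluster

  # Remediation step 1: require IAM authentication for database connections.
  iam_database_authentication_enabled = true

  # Remediation step 2 (optional): apply during the next `terraform apply`
  # rather than waiting for the maintenance window. This causes downtime.
  apply_immediately = true
}
```

Once the attribute is enabled, clients must sign their connection requests with IAM credentials (SigV4) rather than connecting unauthenticated, and access to the cluster is then governed by IAM policies granting `neptune-db:*` actions on the cluster resource, as described in the Neptune IAM authentication guide linked in the references.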

References:
https://docs.aws.amazon.com/neptune/latest/userguide/manage-console-instances-modify.html
https://docs.aws.amazon.com/neptune/latest/userguide/iam-auth.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/neptune_cluster#iam_database_authentication_enabled

Policy Details

Rule Reference ID: AC_AWS_0183
CSP: AWS
Remediation Available: Yes
Resource Category: Database
Resource Type: Neptune

Frameworks