Ensure public access is disabled for AWS Neptune cluster instances

MEDIUM

Description

Allowing unrestricted, public access to cloud services could open an application up to external attack. Disallowing this access is typically considered best practice.

Remediation

In AWS Console -

  1. Sign in to AWS Console and go to the Amazon Neptune console.
  2. Navigate to Neptune instance and then select your public database.
  3. Select Modify.
  4. Under Connectivity, expand Additional connectivity configuration.
  5. Under Public access, select Not publicly accessible.

In Terraform -

  1. In the aws_neptune_cluster_instance resource (the argument lives on the instance, not on aws_neptune_cluster), set the publicly_accessible field to false.
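
As an added example that is not part of the original policy text, the Terraform fragment below shows a non-compliant Neptune instance next to the remediated form. The cluster identifier, resource labels and instance class are placeholders chosen for illustration; the only change between the two instance blocks is the publicly_accessible argument, which the aws_neptune_cluster_instance resource defaults to false when omitted.

```hcl
# Constructed example. Resource labels and identifiers are placeholders.
resource "aws_neptune_cluster" "graph" {
  cluster_identifier  = "neptune-example-cluster"
  engine              = "neptune"
  skip_final_snapshot = true
}

# Non-compliant: flagged by AC_AWS_0381 because the instance is
# explicitly opened to public access.
resource "aws_neptune_cluster_instance" "graph_public" {
  cluster_identifier  = aws_neptune_cluster.graph.id
  instance_class      = "db.r5.large"
  engine              = "neptune"
  publicly_accessible = true
}

# Compliant: public access disabled. Setting the argument explicitly
# (rather than relying on the provider default of false) makes the
# intent visible in code review and in plan output.
resource "aws_neptune_cluster_instance" "graph_private" {
  cluster_identifier  = aws_neptune_cluster.graph.id
  instance_class      = "db.r5.large"
  engine              = "neptune"
  publicly_accessible = false
}
```

In practice only the compliant block would remain; the non-compliant one is kept here so the diff that the scanner expects is visible side by side. Changing publicly_accessible on an existing instance is an in-place modification in the provider, so the remediation does not require replacing the instance.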

References:
https://docs.aws.amazon.com/neptune/latest/userguide/get-started-security.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/neptune_cluster_instance#publicly_accessible

Policy Details

Rule Reference ID: AC_AWS_0381
CSP: AWS
Remediation Available: Yes
Resource Category: Database
Resource Type: Neptune

Frameworks