AWS-Neptune-DB-using-non-default-listening-port

Severity: Low

Description: This control checks the port configured for the Neptune database cluster and ensures that the cluster is not listening on the default port (8182). In a Multi-AZ deployment, the primary DB instance is synchronously replicated across Availability Zones to replicas. A Neptune database cluster can be made Multi-AZ by adding a new DB instance to the cluster in a separate Availability Zone.

Remediation Steps:

Perform the following to configure the listening port for Neptune:

  1. Login to the AWS Management Console at https://console.aws.amazon.com.

  2. Navigate to Neptune console.

  3. In the navigation pane, choose Databases.

  4. Select the database cluster to configure, then choose Modify.

  5. In the Database options section, set Database port to a non-default port.

  6. Click Continue.

  7. Click Modify DB Cluster.

Important:

  • The Neptune DB default listening port is 8182.

  • Changing the database port restarts the database immediately.

  • Changing the database port will break communication between the database and dependent applications. Configured connection strings will require modification.

  • Security groups associated with the database instance will need an update to allow inbound traffic to the database on the new port.

  • Security groups/firewalls associated with applications communicating with the database may need an update to allow traffic to the database on the new port.
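The console procedure above covers one cluster at a time. The following is an added example, not Blue Hexagon's or AWS's own code, of how the same control can be evaluated programmatically: it flags any Neptune cluster whose `Port` is still 8182 and lists the VPC security groups attached to it, since those are the rules that must be updated when the port changes. The cluster records are constructed sample data shaped like the `DBClusters` list returned by Neptune `DescribeDBClusters`; the identifiers and security group IDs are made up. The live-fetch function assumes `boto3` is installed and AWS credentials are available, and is not exercised offline.

```python
"""Evaluate Neptune clusters against the non-default-port control (added example)."""
from __future__ import annotations

NEPTUNE_DEFAULT_PORT = 8182  # default listening port stated in the control text

# Constructed sample shaped like neptune:DescribeDBClusters output.
# Identifiers and security group IDs are made up for this example.
SAMPLE_CLUSTERS = [
    {
        "DBClusterIdentifier": "graph-prod",
        "Engine": "neptune",
        "Port": 8182,  # still on the default port -> non-compliant
        "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0example1", "Status": "active"}],
    },
    {
        "DBClusterIdentifier": "graph-analytics",
        "Engine": "neptune",
        "Port": 8443,  # moved off the default port -> compliant
        "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0example2", "Status": "active"}],
    },
]


def evaluate_cluster(cluster: dict) -> dict:
    """Return a finding record for one cluster; compliant when Port is set and not 8182."""
    port = cluster.get("Port")
    compliant = port is not None and port != NEPTUNE_DEFAULT_PORT
    return {
        "cluster": cluster["DBClusterIdentifier"],
        "port": port,
        "compliant": compliant,
        # Security groups whose inbound rules must follow the port change
        "security_groups": [
            sg["VpcSecurityGroupId"] for sg in cluster.get("VpcSecurityGroups", [])
        ],
    }


def non_compliant_clusters(clusters: list[dict]) -> list[dict]:
    """Filter to the clusters that still listen on the default port."""
    return [f for f in (evaluate_cluster(c) for c in clusters) if not f["compliant"]]


def fetch_neptune_clusters(region: str) -> list[dict]:
    """Pull live clusters with boto3 (assumes credentials); not run offline."""
    import boto3  # imported lazily so the offline evaluation has no AWS dependency

    client = boto3.client("neptune", region_name=region)
    clusters: list[dict] = []
    marker = None
    while True:
        kwargs = {"Marker": marker} if marker else {}
        resp = client.describe_db_clusters(**kwargs)
        # The Neptune API is shared with RDS, so keep only Neptune engines.
        clusters.extend(c for c in resp["DBClusters"] if c.get("Engine") == "neptune")
        marker = resp.get("Marker")
        if not marker:
            return clusters


def report(clusters: list[dict]) -> str:
    """Human-readable summary of the non-compliant clusters."""
    lines = []
    for f in non_compliant_clusters(clusters):
        sgs = ", ".join(f["security_groups"]) or "(none)"
        lines.append(f"LOW: {f['cluster']} listens on default port {f['port']}; review SGs: {sgs}")
    return "\n".join(lines) if lines else "All Neptune clusters use a non-default port."


if __name__ == "__main__":
    # Offline run against the constructed sample; swap in fetch_neptune_clusters("us-east-1")
    # to evaluate a live account.
    print(report(SAMPLE_CLUSTERS))
```

Run as-is it evaluates the constructed sample and reports `graph-prod`; pointing `report()` at `fetch_neptune_clusters()` evaluates a live account. The security group list in each finding is the practical output: it tells the operator which inbound rules (and, per the note above, which application-side firewalls) need the new port before the cluster is modified.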

Reference:

Blue Hexagon Proprietary