AWS-Neptune-DB-snapshot-encryption-enable
Severity: High
Description: This control ensures that all database cluster snapshots (manual or automatic) are encrypted so that the data they contain stays protected. An unencrypted snapshot can be restored to view the data stored in the DB cluster. Encrypting snapshots prevents this leakage of information: even after an encrypted snapshot is restored, its data is not readable without access to the KMS key with which it was encrypted.
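The check this control describes can be run over the JSON returned by `aws neptune describe-db-cluster-snapshots --output json`. The following Python is an added example, not part of the original control or of any vendor tooling; the function name and the sample response are constructed for illustration, and the field names are those of the API response.

```python
"""Flag unencrypted Neptune cluster snapshots in describe-db-cluster-snapshots output."""
import json
import sys

# Constructed sample in the shape returned by
# `aws neptune describe-db-cluster-snapshots --output json` (all values are made up).
SAMPLE = {
    "DBClusterSnapshots": [
        {"DBClusterSnapshotIdentifier": "rds:graph-prod-2024-01-01-00-05",
         "DBClusterIdentifier": "graph-prod", "Engine": "neptune",
         "SnapshotType": "automated", "Status": "available",
         "StorageEncrypted": True,
         "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
        {"DBClusterSnapshotIdentifier": "graph-dev-manual",
         "DBClusterIdentifier": "graph-dev", "Engine": "neptune",
         "SnapshotType": "manual", "Status": "available",
         "StorageEncrypted": False},
        {"DBClusterSnapshotIdentifier": "orders-manual",
         "DBClusterIdentifier": "orders", "Engine": "aurora-mysql",
         "SnapshotType": "manual", "Status": "available",
         "StorageEncrypted": False},
    ]
}


def unencrypted_neptune_snapshots(response):
    """Return one finding per Neptune cluster snapshot that is not encrypted."""
    findings = []
    for snap in response.get("DBClusterSnapshots", []):
        if snap.get("Engine") != "neptune":
            continue  # keep the check scoped to Neptune snapshots
        # A missing StorageEncrypted field is treated as unencrypted (fail closed).
        if snap.get("StorageEncrypted") is True:
            continue
        findings.append({
            "snapshot": snap.get("DBClusterSnapshotIdentifier"),
            "cluster": snap.get("DBClusterIdentifier"),
            "type": snap.get("SnapshotType", "unknown"),  # manual or automated
        })
    return findings


if __name__ == "__main__":
    # Read real CLI output from stdin when piped; otherwise use the sample.
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    results = unencrypted_neptune_snapshots(data)
    for f in results:
        print(f"UNENCRYPTED {f['type']:<9} {f['snapshot']} (cluster {f['cluster']})")
    sys.exit(1 if results else 0)
```

The script exits non-zero when any finding exists, so it can gate a scheduled compliance job.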
Remediation Steps:
Perform the following to configure snapshot encryption for Neptune:
Log in to the AWS Management Console at https://console.aws.amazon.com.
Navigate to the Neptune console.
In the navigation pane, click on Snapshots.
Click the Actions button.
Under Actions, choose Copy Snapshot.
Choose your Destination Region, and then enter your New DB Snapshot Identifier.
Select Copy Tags if needed.
Under Encryption, select Enable Encryption.
Select your Master Key from the list, and then choose Copy Snapshot.
Important:
Reference:
https://docs.aws.amazon.com/neptune/latest/userguide/encrypt.html
https://docs.aws.amazon.com/neptune/latest/userguide/backup-restore-copy-snapshot.html
https://docs.aws.amazon.com/cli/latest/reference/neptune/copy-db-cluster-snapshot.html
Blue Hexagon Proprietary