AWS-Neptune-DB-snapshot-sharing-private

Severity: High

Description: This control ensures that no Neptune DB cluster snapshot is shared publicly. Manual Neptune DB cluster snapshots can be shared privately with other AWS accounts or can be made public. Public snapshots can be accessed by anyone in the world, from the same AWS account or from any other AWS account. Sharing snapshots can lead to leakage of sensitive data, as any unwanted/unauthorized AWS user can access the snapshot.

Remediation Steps:

Perform the following steps to remove the public sharing configuration from Neptune snapshots:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com.

  2. Navigate to the Neptune console.

  3. In the navigation pane, click on Snapshots.

  4. Select the snapshot that is shared.

  5. Click the Actions button and select the Share snapshot option.

  6. Under Preferences, select DB snapshot visibility as Private.

  7. Check the Delete check box corresponding to the entry with AWS Account ID as all.

  8. Click the Save button.
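The same check and fix can be scripted across all manual snapshots in a region. The following is an added example, not part of the original control text: it assumes boto3 with configured credentials and a default region, and the function names (`manual_snapshot_ids`, `is_public`, `public_snapshots`) are hypothetical helpers. A snapshot is public when its `restore` attribute contains the value `all`, which is the entry that step 7 deletes.

```python
"""Audit (and optionally fix) publicly shared Neptune manual cluster snapshots."""

def manual_snapshot_ids(client):
    """Yield ids of manual Neptune cluster snapshots, following Marker pagination."""
    kwargs = {"SnapshotType": "manual"}
    while True:
        page = client.describe_db_cluster_snapshots(**kwargs)
        for snap in page.get("DBClusterSnapshots", []):
            # The response can include other cluster engines; keep Neptune only.
            if snap.get("Engine") == "neptune":
                yield snap["DBClusterSnapshotIdentifier"]
        if not page.get("Marker"):
            return
        kwargs["Marker"] = page["Marker"]

def is_public(client, snapshot_id):
    """True when the snapshot's 'restore' attribute lists 'all' (any AWS account)."""
    result = client.describe_db_cluster_snapshot_attributes(
        DBClusterSnapshotIdentifier=snapshot_id
    )["DBClusterSnapshotAttributesResult"]
    return any(
        attr.get("AttributeName") == "restore"
        and "all" in attr.get("AttributeValues", [])
        for attr in result.get("DBClusterSnapshotAttributes", [])
    )

def public_snapshots(client, fix=False):
    """Return ids of public snapshots; with fix=True also remove the 'all' entry.

    Only 'all' is removed, so private shares with specific account IDs remain.
    """
    public = [s for s in manual_snapshot_ids(client) if is_public(client, s)]
    if fix:
        for snapshot_id in public:
            client.modify_db_cluster_snapshot_attribute(
                DBClusterSnapshotIdentifier=snapshot_id,
                AttributeName="restore",
                ValuesToRemove=["all"],
            )
    return public

if __name__ == "__main__":
    import sys
    import boto3  # assumption: credentials and region come from the environment

    for sid in public_snapshots(boto3.client("neptune"), fix="--fix" in sys.argv[1:]):
        print(sid)
```

Run it without arguments to list public snapshots only; pass `--fix` to make them private. Repeat per region, since snapshots are regional.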

Important:

Reference:

Blue Hexagon Proprietary