AWS-Neptune-DB-deletion-protection-enable
Severity: Medium
Description: This control ensures that Deletion Protection is enabled on the Neptune cluster to prevent accidental deletion. When Deletion Protection is enabled, AWS Neptune denies any delete operation on the cluster, from any source or entity, which protects the cluster from being deleted accidentally. In a production environment the availability of data is crucial, and preventing deletion of the cluster ensures the data remains available.
Remediation Steps:
Perform the following to configure deletion protection for Neptune:
Log in to the AWS Management Console at https://console.aws.amazon.com.
Navigate to the Neptune console.
In the navigation pane, choose Databases.
Select the database cluster to configure, then choose Modify.
Under Deletion Protection, select the Enable deletion protection checkbox.
Click Continue.
Under Scheduling of modifications, select Apply Immediately.
Click Modify DB Cluster.
Important:
Any modification to an AWS Neptune cluster can either be applied immediately or be scheduled for the next maintenance window.
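Scripted equivalent of the console steps above, as an added example that is not part of the original control text: it lists Neptune clusters with deletion protection disabled and, when run with --fix, enables it with the change applied immediately. It assumes boto3 is installed and credentials allow describing and modifying DB clusters; the function names and the --fix flag are this example's own.

```python
"""Audit Neptune clusters for deletion protection and optionally enable it."""
import sys


def find_unprotected(client):
    """Return identifiers of Neptune clusters with DeletionProtection off."""
    unprotected = []
    for page in client.get_paginator("describe_db_clusters").paginate():
        for cluster in page.get("DBClusters", []):
            # The cluster listing can include other engines; keep Neptune only.
            if cluster.get("Engine") != "neptune":
                continue
            # A missing field is treated as "not protected".
            if not cluster.get("DeletionProtection", False):
                unprotected.append(cluster["DBClusterIdentifier"])
    return unprotected


def enable_protection(client, cluster_ids):
    """Enable deletion protection on each cluster; return the ids changed."""
    changed = []
    for cluster_id in cluster_ids:
        client.modify_db_cluster(
            DBClusterIdentifier=cluster_id,
            DeletionProtection=True,
            ApplyImmediately=True,  # same choice as "Apply Immediately" in the console
        )
        changed.append(cluster_id)
    return changed


def main(argv):
    import boto3  # imported here so the audit logic can be exercised offline

    client = boto3.client("neptune")
    unprotected = find_unprotected(client)
    for cluster_id in unprotected:
        print(f"deletion protection disabled: {cluster_id}")
    if "--fix" in argv:
        for cluster_id in enable_protection(client, unprotected):
            print(f"deletion protection enabled: {cluster_id}")
        return 0
    # Non-zero exit lets a scheduled check flag non-compliant clusters.
    return 1 if unprotected else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Without --fix the script only reports and exits non-zero when any cluster is unprotected, so it can run as a periodic compliance check.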
Reference:
Blue Hexagon Proprietary