Disabled Neptune logging (severity: High)

The Neptune cluster does not export its audit log to CloudWatch Logs. Set enable_cloudwatch_logs_exports to include "audit" so that connection and query activity is retained outside the cluster, where it can be analysed for traffic patterns and used when investigating security incidents. Note that the export only delivers a log the engine actually generates: the cluster's DB cluster parameter group must also set neptune_enable_audit_log to 1, otherwise no audit records are produced.

Detector ID
terraform/disabled-neptune-logging-terraform@v1.0
Category
Common Weakness Enumeration (CWE)

Noncompliant example

resource "aws_neptune_cluster" "test" {
  # Noncompliant: enable_cloudwatch_logs_exports is not set, so the cluster's
  # audit log is never exported to CloudWatch Logs.
  cluster_identifier                  = "neptune-cluster-demo"
  engine                              = "neptune"
  backup_retention_period             = 5
  preferred_backup_window             = "07:00-09:00"
  skip_final_snapshot                 = true
  iam_database_authentication_enabled = true
  apply_immediately                   = true
  storage_encrypted                   = true
  deletion_protection                 = true
  kms_key_arn                         = aws_kms_key.pike.arn
}

Compliant example

resource "aws_neptune_cluster" "test" {
  cluster_identifier                  = "neptune-cluster-demo"
  engine                              = "neptune"
  backup_retention_period             = 5
  preferred_backup_window             = "07:00-09:00"
  skip_final_snapshot                 = true
  iam_database_authentication_enabled = true
  apply_immediately                   = true
  # Compliant: the audit log is exported to CloudWatch Logs. The log is only
  # generated when the cluster's parameter group sets neptune_enable_audit_log = 1.
  enable_cloudwatch_logs_exports      = ["audit"]
  storage_encrypted                   = true
  deletion_protection                 = true
  kms_key_arn                         = aws_kms_key.pike.arn
}
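The detector above inspects the Terraform source. The same rule can also be enforced at plan time, before apply, in a CI policy step. The following is an added example written for this page, not code from the detector or from the Terraform samples: a Python check run over the JSON that `terraform show -json tfplan` produces. It goes one step further than the detector, because an export that is configured while the audit log is switched off yields nothing: besides requiring "audit" in enable_cloudwatch_logs_exports, it checks that the cluster's referenced parameter group sets neptune_enable_audit_log to 1. The plan JSON, the resource addresses and the module name in it are a constructed sample and are assumptions, not output from a real plan.

```python
"""Plan-time policy check for Neptune audit logging.

Added example (not part of the detector page). Input is the JSON from
`terraform show -json tfplan`. For every planned aws_neptune_cluster it
requires:
  1. "audit" in enable_cloudwatch_logs_exports, and
  2. a parameter group, referenced by name, that sets
     neptune_enable_audit_log = 1 (without it no audit log is generated).
"""
import json
from typing import Dict, Iterable, Iterator, List

# Constructed sample plan (assumption: addresses, names and module are made up).
# Note that attributes unknown at plan time are absent from "values" in real plans,
# which is why the two root clusters carry no neptune_cluster_parameter_group_name.
PLAN_JSON = r'''
{
  "format_version": "1.2",
  "planned_values": {
    "root_module": {
      "resources": [
        {"address": "aws_neptune_cluster.noncompliant", "mode": "managed",
         "type": "aws_neptune_cluster", "name": "noncompliant",
         "values": {"cluster_identifier": "neptune-cluster-demo", "engine": "neptune",
                    "storage_encrypted": true}},
        {"address": "aws_neptune_cluster.exports_only", "mode": "managed",
         "type": "aws_neptune_cluster", "name": "exports_only",
         "values": {"cluster_identifier": "neptune-exports-only", "engine": "neptune",
                    "enable_cloudwatch_logs_exports": ["audit"]}},
        {"address": "aws_neptune_cluster_parameter_group.audit", "mode": "managed",
         "type": "aws_neptune_cluster_parameter_group", "name": "audit",
         "values": {"name": "neptune-audit", "family": "neptune1.2",
                    "parameter": [{"name": "neptune_enable_audit_log", "value": "1",
                                   "apply_method": "pending-reboot"}]}}
      ],
      "child_modules": [
        {"address": "module.graph",
         "resources": [
           {"address": "module.graph.aws_neptune_cluster.compliant", "mode": "managed",
            "type": "aws_neptune_cluster", "name": "compliant",
            "values": {"cluster_identifier": "neptune-compliant", "engine": "neptune",
                       "enable_cloudwatch_logs_exports": ["audit"],
                       "neptune_cluster_parameter_group_name": "neptune-audit"}}
         ]}
      ]
    }
  }
}
'''


def iter_resources(module: dict) -> Iterator[dict]:
    """Yield every planned resource in a module and, recursively, its child modules."""
    for res in module.get("resources", []):
        yield res
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def audit_log_parameter_groups(resources: Iterable[dict]) -> Dict[str, bool]:
    """Map each planned Neptune cluster parameter group name to whether it
    sets neptune_enable_audit_log to 1."""
    groups: Dict[str, bool] = {}
    for res in resources:
        if res.get("type") != "aws_neptune_cluster_parameter_group":
            continue
        values = res.get("values") or {}
        enabled = any(
            p.get("name") == "neptune_enable_audit_log" and str(p.get("value")) == "1"
            for p in values.get("parameter") or []
        )
        groups[values.get("name")] = enabled
    return groups


def check_plan(plan: dict) -> List[str]:
    """Return one finding string per violated requirement, empty if compliant."""
    resources = list(iter_resources(plan["planned_values"]["root_module"]))
    groups = audit_log_parameter_groups(resources)
    findings: List[str] = []
    for res in resources:
        if res.get("type") != "aws_neptune_cluster" or res.get("mode") != "managed":
            continue
        addr = res["address"]
        values = res.get("values") or {}
        if "audit" not in (values.get("enable_cloudwatch_logs_exports") or []):
            findings.append(f'{addr}: enable_cloudwatch_logs_exports does not include "audit"')
        pg_name = values.get("neptune_cluster_parameter_group_name")
        if pg_name is None:
            findings.append(f"{addr}: neptune_cluster_parameter_group_name is not known at "
                            "plan time (unset or computed); verify neptune_enable_audit_log = 1 after apply")
        elif pg_name not in groups:
            findings.append(f"{addr}: parameter group {pg_name!r} is not created by this plan; "
                            "verify it sets neptune_enable_audit_log = 1")
        elif not groups[pg_name]:
            findings.append(f"{addr}: parameter group {pg_name!r} does not set neptune_enable_audit_log = 1")
    return findings


def check_plan_text(text: str) -> List[str]:
    """Convenience wrapper: run check_plan over raw `terraform show -json` output."""
    return check_plan(json.loads(text))


if __name__ == "__main__":
    for finding in check_plan_text(PLAN_JSON):
        print(finding)
```

Run against a real plan with `terraform show -json tfplan | python neptune_audit_check.py` after replacing the embedded sample with `sys.stdin.read()`. The parameter-group name is usually computed for new clusters, so the "not known at plan time" finding is expected to appear in CI; treat it as a reminder to verify the live parameter group rather than a hard failure.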