Neptune logging is not enabled
Description
This policy ensures that logging is enabled for Amazon Neptune clusters. Enabling logging on Neptune clusters is critical for auditing and monitoring: it captures database activity that is useful for debugging and for meeting compliance requirements. This check validates that `enable_cloudwatch_logs_exports` includes the required log types.
Code Example
```hcl
resource "aws_neptune_cluster" "Pike" {
  cluster_identifier = var.DBClusterIdentifier
  ...
+ enable_cloudwatch_logs_exports = ["audit"]
}
```
Remediation
Terraform
- Resource: aws_neptune_cluster
- Arguments: enable_cloudwatch_logs_exports
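
The check described above, applied to Terraform plan JSON, as an added example that is not the page's or the scanner's own code. It assumes `audit` is the required log type (taken from the snippet on this page); the function names and the sample plan are constructed for illustration.

```python
# Assumption: "audit" is the required log type, as in the page's snippet.
REQUIRED_LOG_TYPES = {"audit"}

# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "aws_neptune_cluster.logged", "type": "aws_neptune_cluster",
         "values": {"enable_cloudwatch_logs_exports": ["audit"]}},
        {"address": "aws_neptune_cluster.silent", "type": "aws_neptune_cluster",
         "values": {"enable_cloudwatch_logs_exports": None}},
    ],
    "child_modules": [{"address": "module.graph", "resources": [
        {"address": "module.graph.aws_neptune_cluster.empty",
         "type": "aws_neptune_cluster",
         "values": {"enable_cloudwatch_logs_exports": []}},
        {"address": "module.graph.aws_s3_bucket.data", "type": "aws_s3_bucket",
         "values": {}},
    ]}],
}}}


def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def neptune_clusters_missing_logs(plan, required=REQUIRED_LOG_TYPES):
    """Return {address: missing log types} for non-compliant Neptune clusters."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = {}
    for res in iter_resources(root):
        if res.get("type") != "aws_neptune_cluster":
            continue
        # An unset argument shows up as null or is absent in plan JSON.
        exports = set(res.get("values", {}).get("enable_cloudwatch_logs_exports") or [])
        missing = set(required) - exports
        if missing:
            findings[res["address"]] = sorted(missing)
    return findings


if __name__ == "__main__":
    for address, missing in neptune_clusters_missing_logs(SAMPLE_PLAN).items():
        print(f"FAIL {address}: missing log exports {missing}")
```
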
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0154 |
| Severity | HIGH |
| IaC Type | Cloudformation |
| Frameworks | CloudFormation, Terraform, TerraformPlan, Serverless |
| Checkov ID | CKV_AWS_101 |