AWS Neptune Cluster not configured with IAM authentication
Description
This policy checks whether Neptune DB clusters in an AWS environment have IAM database authentication enabled. IAM (Identity and Access Management) is the AWS web service that controls access to AWS resources. IAM database authentication makes access management to the database more secure because it removes the need to share and store database credentials. If it is not enabled, the database may be exposed to unauthorized access, potentially leading to data breaches or manipulation. Hence, leaving IAM database authentication disabled is bad practice.
Code Example
```hcl
resource "aws_neptune_cluster" "default" {
  cluster_identifier                  = "neptune-cluster-demo"
  iam_database_authentication_enabled = true
  ...
  tags = {
    Name        = "default"
    Environment = "production"
  }
}
```
Remediation
Terraform
- Resource: aws_neptune_cluster
- Arguments: iam_database_authentication_enabled
To fix this issue, you need to enable IAM database authentication for your Neptune DB clusters.
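The following is an added example (not part of this page or of Checkov's own implementation) showing how the same check can be applied to the JSON output of `terraform show -json`: every `aws_neptune_cluster` whose `iam_database_authentication_enabled` is unset or not `true` is reported. The plan document is constructed inline for illustration.

```python
import json

# Constructed sample of `terraform show -json` output (not from the page):
# one compliant cluster, one that leaves the argument unset, and an
# unrelated resource type that the check must ignore.
SAMPLE_PLAN = json.dumps({
    "planned_values": {"root_module": {"resources": [
        {"address": "aws_neptune_cluster.good", "type": "aws_neptune_cluster",
         "values": {"cluster_identifier": "neptune-good",
                    "iam_database_authentication_enabled": True}},
        {"address": "aws_neptune_cluster.bad", "type": "aws_neptune_cluster",
         "values": {"cluster_identifier": "neptune-bad"}},
        {"address": "aws_neptune_cluster_instance.x",
         "type": "aws_neptune_cluster_instance",
         "values": {"instance_class": "db.r5.large"}},
    ]}}
})


def iter_resources(module):
    """Walk planned_values recursively, including nested child modules."""
    for res in module.get("resources", []):
        yield res
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def check_neptune_iam_auth(plan_json):
    """Return the addresses of aws_neptune_cluster resources that fail the check."""
    plan = json.loads(plan_json)
    findings = []
    for res in iter_resources(plan["planned_values"]["root_module"]):
        if res.get("type") != "aws_neptune_cluster":
            continue
        # An unset or null argument means the provider default (disabled),
        # so anything other than an explicit true is a finding.
        if res.get("values", {}).get("iam_database_authentication_enabled") is not True:
            findings.append(res["address"])
    return findings


if __name__ == "__main__":
    for addr in check_neptune_iam_auth(SAMPLE_PLAN):
        print(f"IAC-0406 / CKV_AWS_359 failed: {addr} "
              "lacks iam_database_authentication_enabled = true")
```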
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0406 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AWS_359 |