Control: 3 Neptune DB cluster snapshots should not be public
Description
This control checks whether a Neptune manual DB cluster snapshot is public. The control fails if a Neptune manual DB cluster snapshot is public.
A Neptune DB cluster manual snapshot should not be public unless intended. If you share an unencrypted manual snapshot as public, the snapshot is available to all AWS accounts. Public snapshots may result in unintended data exposure.
Remediation
To remove public access for Neptune manual DB cluster snapshots, see Sharing a DB cluster snapshot in the Neptune User Guide.
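The check described above, as an added example (not this control's own query or Powerpipe code): it assumes each snapshot's sharing state is available as a dict shaped like the DBClusterSnapshotAttributesResult returned by the Neptune DescribeDBClusterSnapshotAttributes API, where a "restore" attribute containing the value "all" marks the snapshot as public. The function names, the "skip" status and the sample snapshots are constructed for illustration.

```python
# Added example (not the control's own query). Sample data is constructed.
PUBLIC_MARKER = "all"  # "restore" value meaning any AWS account may restore


def restore_values(attrs_result):
    """Collect 'restore' values from a DBClusterSnapshotAttributesResult dict."""
    values = []
    for attr in attrs_result.get("DBClusterSnapshotAttributes", []):
        if attr.get("AttributeName") == "restore":
            values.extend(attr.get("AttributeValues") or [])
    return values


def evaluate(snapshot, attrs_result):
    """Return (status, reason) for one snapshot; 'skip' is this example's label."""
    snap_id = snapshot["DBClusterSnapshotIdentifier"]
    if snapshot.get("SnapshotType") != "manual":
        return ("skip", f"{snap_id} is not a manual snapshot.")
    shared = restore_values(attrs_result)
    if PUBLIC_MARKER in shared:
        return ("alarm", f"{snap_id} is public.")
    if shared:
        return ("ok", f"{snap_id} shared with {len(shared)} account(s), not public.")
    return ("ok", f"{snap_id} is not shared.")


# Constructed samples: (snapshot description, its attributes result)
SAMPLES = [
    ({"DBClusterSnapshotIdentifier": "graph-manual-public", "SnapshotType": "manual"},
     {"DBClusterSnapshotAttributes": [
         {"AttributeName": "restore", "AttributeValues": ["all"]}]}),
    ({"DBClusterSnapshotIdentifier": "graph-manual-shared", "SnapshotType": "manual"},
     {"DBClusterSnapshotAttributes": [
         {"AttributeName": "restore", "AttributeValues": ["111122223333"]}]}),
    ({"DBClusterSnapshotIdentifier": "graph-manual-private", "SnapshotType": "manual"},
     {"DBClusterSnapshotAttributes": [
         {"AttributeName": "restore", "AttributeValues": []}]}),
    ({"DBClusterSnapshotIdentifier": "rds:graph-automated", "SnapshotType": "automated"},
     {"DBClusterSnapshotAttributes": []}),
]


def evaluate_all(samples=SAMPLES):
    """Map snapshot identifier -> status for every sample."""
    return {s["DBClusterSnapshotIdentifier"]: evaluate(s, a)[0] for s, a in samples}


if __name__ == "__main__":
    for snap, attrs in SAMPLES:
        print(*evaluate(snap, attrs))
```

For a snapshot reported as alarm, the AWS CLI command aws neptune modify-db-cluster-snapshot-attribute with --attribute-name restore --values-to-remove all removes the public setting.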
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.foundational_security_neptune_3
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run aws_compliance.control.foundational_security_neptune_3 --share
SQL
This control uses a named query:
neptune_db_cluster_snapshot_prohibit_public_access