Control: 4 Neptune DB clusters should have deletion protection enabled
Description
This control checks if a Neptune DB cluster has deletion protection enabled. The control fails if a Neptune DB cluster doesn't have deletion protection enabled.
Enabling cluster deletion protection offers an additional layer of protection against accidental database deletion or deletion by an unauthorized user. A Neptune DB cluster can't be deleted while deletion protection is enabled. You must first disable deletion protection before a delete request can succeed.
Remediation
To enable deletion protection for an existing Neptune DB cluster, see Modifying the DB cluster by using the console, CLI, and API in the Amazon Aurora User Guide.
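The check and remediation described above, scripted with boto3 as an added example (this is not the control's own query or AWS-provided code). The function names and the sample cluster data are hypothetical and constructed for illustration. A live run assumes boto3 is installed and AWS credentials are configured.

```python
def evaluate(clusters):
    """Return one control-style row per Neptune cluster in a DescribeDBClusters list."""
    rows = []
    for c in clusters:
        # The Neptune API shares its cluster namespace with RDS and DocumentDB,
        # so skip anything whose engine is not neptune.
        if c.get("Engine") != "neptune":
            continue
        # A missing field is treated as disabled (fail closed).
        protected = c.get("DeletionProtection") is True
        rows.append({"resource": c.get("DBClusterArn", c["DBClusterIdentifier"]),
                     "id": c["DBClusterIdentifier"],
                     "status": "ok" if protected else "alarm"})
    return rows

def list_clusters(client):
    """Page through DescribeDBClusters, asking the service for neptune only."""
    kwargs = {"Filters": [{"Name": "engine", "Values": ["neptune"]}]}
    while True:
        page = client.describe_db_clusters(**kwargs)
        yield from page.get("DBClusters", [])
        if not page.get("Marker"):
            return
        kwargs["Marker"] = page["Marker"]

def remediate(client, rows, dry_run=True):
    """Enable deletion protection on every cluster in alarm; return the ids targeted."""
    targets = [r["id"] for r in rows if r["status"] == "alarm"]
    if not dry_run:
        for cluster_id in targets:
            client.modify_db_cluster(DBClusterIdentifier=cluster_id, DeletionProtection=True)
    return targets

# Constructed sample in the shape of a DescribeDBClusters response (not real data).
SAMPLE = [
    {"DBClusterIdentifier": "graph-prod", "Engine": "neptune", "DeletionProtection": True},
    {"DBClusterIdentifier": "graph-dev", "Engine": "neptune", "DeletionProtection": False},
    {"DBClusterIdentifier": "graph-old", "Engine": "neptune"},
    {"DBClusterIdentifier": "orders", "Engine": "aurora-postgresql", "DeletionProtection": False},
]

if __name__ == "__main__":
    import boto3  # needed only for the live run
    neptune = boto3.client("neptune")
    results = evaluate(list_clusters(neptune))
    for row in results:
        print(row["status"], row["resource"])
    print("would enable on:", remediate(neptune, results, dry_run=True))
```

With `dry_run=True` the script only reports which clusters it would change; pass `dry_run=False` to apply the change.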
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.foundational_security_neptune_4
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run aws_compliance.control.foundational_security_neptune_4 --share
SQL
This control uses a named query:
neptune_db_cluster_deletion_protection_enabled