turbot/aws_compliance

Control: 8 Neptune DB clusters should be configured to copy tags to snapshots

Description

This control checks if a Neptune DB cluster is configured to copy all tags to snapshots when the snapshots are created. The control fails if a Neptune DB cluster isn't configured to copy tags to snapshots.

Identification and inventory of your IT assets is a crucial aspect of governance and security. You should tag snapshots in the same way as their parent Amazon RDS database clusters. Copying tags ensures that the metadata for the DB snapshots matches that of the parent database clusters, and that access policies for the DB snapshot also match those of the parent DB instance.

Remediation

To copy tags to snapshots for Neptune DB clusters, see Copying tags in Neptune in the Neptune User Guide.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.foundational_security_neptune_8

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.foundational_security_neptune_8 --share

SQL

This control uses a named query:

neptune_db_cluster_copy_tags_to_snapshot_enabled
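
The pass/fail rule from the Description, applied to a cluster listing, as an added Python example (not the mod's named query or any Turbot code). It assumes the `Engine` and `CopyTagsToSnapshot` fields of the Neptune DescribeDBClusters response, reuses Powerpipe's `ok`/`alarm` status values, and runs on a constructed sample; the function names are hypothetical.

```python
import json

# Constructed sample in the shape of a DescribeDBClusters response (not real data).
SAMPLE_RESPONSE = json.loads("""
{
  "DBClusters": [
    {"DBClusterIdentifier": "graph-prod", "Engine": "neptune",
     "DBClusterArn": "arn:aws:rds:us-east-1:111122223333:cluster:graph-prod",
     "CopyTagsToSnapshot": true},
    {"DBClusterIdentifier": "graph-dev", "Engine": "neptune",
     "DBClusterArn": "arn:aws:rds:us-east-1:111122223333:cluster:graph-dev",
     "CopyTagsToSnapshot": false},
    {"DBClusterIdentifier": "graph-legacy", "Engine": "neptune",
     "DBClusterArn": "arn:aws:rds:us-east-1:111122223333:cluster:graph-legacy"},
    {"DBClusterIdentifier": "orders", "Engine": "aurora-postgresql",
     "DBClusterArn": "arn:aws:rds:us-east-1:111122223333:cluster:orders",
     "CopyTagsToSnapshot": false}
  ]
}
""")


def evaluate_copy_tags(response):
    """Return one result row per Neptune cluster: resource, status, reason."""
    rows = []
    for cluster in response.get("DBClusters", []):
        # The cluster listing can include other engines that share the API; skip them.
        if cluster.get("Engine") != "neptune":
            continue
        name = cluster.get("DBClusterIdentifier", "<unknown>")
        # A missing field is treated as not enabled, so the check fails closed.
        enabled = cluster.get("CopyTagsToSnapshot") is True
        rows.append({
            "resource": cluster.get("DBClusterArn", name),
            "status": "ok" if enabled else "alarm",
            "reason": f"{name} copy tags to snapshot "
                      f"{'enabled' if enabled else 'disabled'}.",
        })
    return rows


def failing_clusters(rows):
    """ARNs of the clusters that would make the control fail."""
    return [r["resource"] for r in rows if r["status"] == "alarm"]


if __name__ == "__main__":
    for row in evaluate_copy_tags(SAMPLE_RESPONSE):
        print(f"{row['status']:5} {row['reason']}")
```
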
