Benchmark: Neptune
Description
This benchmark provides a set of controls that detect Terraform AWS Neptune resources deviating from security best practices.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-terraform-aws-complianceStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select Neptune.
Run this benchmark in your terminal:
powerpipe benchmark run terraform_aws_compliance.benchmark.neptuneSnapshot and share results via Turbot Pipes:
powerpipe benchmark run terraform_aws_compliance.benchmark.neptune --shareControls
- Neptune cluster backup retention period should be at least 7 days
- Neptune clusters should be configured to copy tags to snapshots
- Neptune cluster should be encrypted with KMS CMK
- Neptune cluster encryption at rest should be enabled
- Neptune clusters should have IAM authentication enabled
- Neptune cluster instance should not be publicly accessible
- Neptune logging should be enabled
- Neptune snapshot should be encrypted with KMS CMK
- Neptune snapshot storage encryption should be enabled