Neptune Cluster Instance is Publicly Accessible

  • Query id: 9ba198e0-fef4-464a-8a4d-75ea55300de7
  • Query name: Neptune Cluster Instance is Publicly Accessible
  • Platform: Terraform
  • Severity: High
  • Category: Access Control
  • URL: Github

Description

A Neptune cluster instance should not be publicly accessible. Setting `publicly_accessible = true` on an `aws_neptune_cluster_instance` requests a public endpoint for the instance, so the database becomes reachable from outside its VPC instead of only from resources inside it. The attribute defaults to `false` in the Terraform AWS provider, so omitting it or setting it to `false` explicitly both pass this check; access should then be controlled through subnet placement and security groups rather than a public address.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "aws_neptune_cluster_instance" "example" {
  count               = 2
  cluster_identifier  = aws_neptune_cluster.default.id
  engine              = "neptune"
  instance_class      = "db.r4.large"
  apply_immediately   = true
  publicly_accessible = true # flagged: instance gets a public endpoint
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "aws_neptune_cluster_instance" "negative" {
  count               = 2
  cluster_identifier  = aws_neptune_cluster.default.id
  engine              = "neptune"
  instance_class      = "db.r4.large"
  apply_immediately   = true
  publicly_accessible = false # explicit; omitting the attribute also yields false
}
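The logic behind this query, written out as a small standalone checker. This is an added example, not code from KICS or from the page: it uses a deliberately minimal regex-based HCL reader (an assumption of this example, not a real HCL parser) to find `aws_neptune_cluster_instance` blocks and reports those whose `publicly_accessible` attribute is `true`, treating an omitted attribute as the provider default of `false`. The embedded Terraform text is constructed sample input that extends the two samples above with a third instance that relies on the default.

```python
import re
from typing import Dict, List

# Constructed sample input (not from any real project): one offending instance,
# one explicitly private, one relying on the provider default, and one unrelated
# resource that the checker must ignore.
SAMPLE_TF = '''
resource "aws_neptune_cluster_instance" "example" {
  count               = 2
  cluster_identifier  = aws_neptune_cluster.default.id
  engine              = "neptune"
  instance_class      = "db.r4.large"
  apply_immediately   = true
  publicly_accessible = true
}

resource "aws_neptune_cluster_instance" "negative" {
  count               = 2
  cluster_identifier  = aws_neptune_cluster.default.id
  engine              = "neptune"
  instance_class      = "db.r4.large"
  apply_immediately   = true
  publicly_accessible = false
}

resource "aws_neptune_cluster_instance" "implicit" {
  cluster_identifier  = aws_neptune_cluster.default.id
  engine              = "neptune"
  instance_class      = "db.r4.large"
}

resource "aws_security_group" "unrelated" {
  name = "unrelated"
}
'''

# Matches the opening line of a top-level resource block.
RESOURCE_HEADER = re.compile(r'resource\s+"([^"]+)"\s+"([^"]+)"\s*\{')
# Matches a simple `name = value` attribute line inside a block.
ATTR = re.compile(r'^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.+?)\s*$')


def extract_resources(tf_text: str) -> List[Dict]:
    """Return each resource block as {"type", "name", "attrs"}.

    Toy parser (assumption): braces are counted to find the end of a block,
    and attributes are read line by line. Braces inside string literals and
    heredocs are not handled; nested-block attributes are merged into the
    same dict, which is acceptable here because publicly_accessible is a
    top-level attribute of the resource.
    """
    resources = []
    for m in RESOURCE_HEADER.finditer(tf_text):
        depth, i = 1, m.end()
        while i < len(tf_text) and depth:
            if tf_text[i] == "{":
                depth += 1
            elif tf_text[i] == "}":
                depth -= 1
            i += 1
        body = tf_text[m.end():i - 1]  # text between the outer braces
        attrs = {}
        for line in body.splitlines():
            am = ATTR.match(line)
            if am:
                attrs[am.group(1)] = am.group(2)
        resources.append({"type": m.group(1), "name": m.group(2), "attrs": attrs})
    return resources


def is_publicly_accessible(attrs: Dict[str, str]) -> bool:
    """The AWS provider defaults publicly_accessible to false when omitted."""
    return attrs.get("publicly_accessible", "false").strip().lower() == "true"


def find_public_neptune_instances(tf_text: str) -> List[str]:
    """Return addresses of Neptune instances that would fail this query."""
    return [
        f'{r["type"]}.{r["name"]}'
        for r in extract_resources(tf_text)
        if r["type"] == "aws_neptune_cluster_instance"
        and is_publicly_accessible(r["attrs"])
    ]


if __name__ == "__main__":
    for address in find_public_neptune_instances(SAMPLE_TF):
        print(f"HIGH: {address} has publicly_accessible = true")
```

Only `aws_neptune_cluster_instance.example` is reported; the `negative` and `implicit` instances both resolve to `false`, matching the query's treatment of the attribute's default.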