Neptune Cluster With IAM Database Authentication Disabled

• Query id: a3aa0087-8228-4e7e-b202-dc9036972d02
• Query name: Neptune Cluster With IAM Database Authentication Disabled
• Platform: CloudFormation
• Severity: High
• Category: Access Control
• CWE: 285
• URL: Github

Description

Neptune Cluster should have IAM Database Authentication enabled
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file

AWSTemplateFormatVersion: 2010-09-09
Description: A sample template
Resources:
  NeptuneDBCluster:
    Type: AWS::Neptune::DBCluster
    Properties:
      IamAuthEnabled: false
      StorageEncrypted: true
  NeptuneDBCluster2:
    Type: AWS::Neptune::DBCluster
    Properties:
      IamAuthEnabled: false
      StorageEncrypted: true

Positive test num. 2 - json file

{
  "AWSTemplateFormatVersion": "2010-09-09T00:00:00Z",
  "Description": "A sample template",
  "Resources": {
    "NeptuneDBCluster": {
      "Type": "AWS::Neptune::DBCluster",
      "Properties": {
        "IamAuthEnabled": false,
        "StorageEncrypted": true
      }
    },
    "NeptuneDBCluster2": {
      "Type": "AWS::Neptune::DBCluster",
      "Properties": {
        "IamAuthEnabled": false,
        "StorageEncrypted": true
      }
    }
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

AWSTemplateFormatVersion: 2010-09-09
Description: A sample template
Resources:
  NeptuneDBCluster3:
    Type: AWS::Neptune::DBCluster
    Properties:
      IamAuthEnabled: true
      StorageEncrypted: true

Negative test num. 2 - json file

{
  "AWSTemplateFormatVersion": "2010-09-09T00:00:00Z",
  "Description": "A sample template",
  "Resources": {
    "NeptuneDBCluster3": {
      "Type": "AWS::Neptune::DBCluster",
      "Properties": {
        "IamAuthEnabled": true,
        "StorageEncrypted": true
      }
    }
  }
}