Neptune Logging Is Disabled
- Query id: 45cff7b6-3b80-40c1-ba7b-2cf480678bb8
- Query name: Neptune Logging Is Disabled
- Platform: Terraform
- Severity: Medium
- Category: Observability
- CWE: 778
- URL: Github
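Description
Neptune logging should be enabled. In the samples below, a cluster is flagged when enable_cloudwatch_logs_exports is missing, empty, or does not include "audit".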
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
resource "aws_neptune_cluster" "postive1" {
  cluster_identifier = "neptune-cluster"
  engine = "neptune"
  backup_retention_period = 5
  preferred_backup_window = "10:10-11:11"
  skip_final_snapshot = true
  iam_database_authentication_enabled = true
  apply_immediately = true
}
Positive test num. 2 - tf file
resource "aws_neptune_cluster" "postive2" {
  cluster_identifier = "neptune-cluster"
  engine = "neptune"
  backup_retention_period = 5
  preferred_backup_window = "10:10-11:11"
  skip_final_snapshot = true
  iam_database_authentication_enabled = true
  apply_immediately = true
  enable_cloudwatch_logs_exports = []
}
Positive test num. 3 - tf file
resource "aws_neptune_cluster" "postive3" {
  cluster_identifier = "neptune-cluster"
  engine = "neptune"
  backup_retention_period = 5
  preferred_backup_window = "10:10-11:11"
  skip_final_snapshot = true
  iam_database_authentication_enabled = true
  apply_immediately = true
  enable_cloudwatch_logs_exports = ["error"]
}
Code samples without security vulnerabilities
Negative test num. 1 - tf file
resource "aws_neptune_cluster" "negative1" {
  cluster_identifier = "neptune-cluster"
  engine = "neptune"
  backup_retention_period = 5
  preferred_backup_window = "10:10-11:11"
  skip_final_snapshot = true
  iam_database_authentication_enabled = true
  apply_immediately = true
  enable_cloudwatch_logs_exports = ["audit"]
}
resource "aws_neptune_cluster" "negative2" {
  cluster_identifier = "neptune-cluster"
  engine = "neptune"
  backup_retention_period = 5
  preferred_backup_window = "10:10-11:11"
  skip_final_snapshot = true
  iam_database_authentication_enabled = true
  apply_immediately = true
  enable_cloudwatch_logs_exports = ["audit", "error"]
}
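The pass/fail pattern of the samples above, applied to the JSON that `terraform show -json` emits for a plan. This is an added example, not the query's own code: the "must include audit" rule is inferred from the samples, and the function names, the constructed plan fragment and the `module.graph` child module are assumptions.

```python
import json

# Inferred from the samples on this page: only lists containing "audit" pass.
REQUIRED_LOG_TYPE = "audit"


def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def neptune_clusters_without_audit_logs(plan):
    """Return addresses of aws_neptune_cluster resources the rule would flag."""
    root = plan.get("planned_values", {}).get("root_module", {})
    flagged = []
    for res in iter_resources(root):
        if res.get("type") != "aws_neptune_cluster":
            continue
        # An unset attribute appears as null (or is absent) in the plan JSON.
        exports = res.get("values", {}).get("enable_cloudwatch_logs_exports") or []
        if REQUIRED_LOG_TYPE not in exports:
            flagged.append(res["address"])
    return flagged


# Constructed plan fragment mirroring the five samples above; "module.graph"
# is a hypothetical child module added to exercise the recursion.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "aws_neptune_cluster.postive1", "type": "aws_neptune_cluster",
     "values": {"enable_cloudwatch_logs_exports": null}},
    {"address": "aws_neptune_cluster.postive2", "type": "aws_neptune_cluster",
     "values": {"enable_cloudwatch_logs_exports": []}},
    {"address": "aws_neptune_cluster.negative1", "type": "aws_neptune_cluster",
     "values": {"enable_cloudwatch_logs_exports": ["audit"]}},
    {"address": "aws_neptune_cluster.negative2", "type": "aws_neptune_cluster",
     "values": {"enable_cloudwatch_logs_exports": ["audit", "error"]}}],
  "child_modules": [{"address": "module.graph", "resources": [
    {"address": "module.graph.aws_neptune_cluster.postive3",
     "type": "aws_neptune_cluster",
     "values": {"enable_cloudwatch_logs_exports": ["error"]}}]}]}}}
""")

if __name__ == "__main__":
    for address in neptune_clusters_without_audit_logs(SAMPLE_PLAN):
        print("Neptune audit logging not enabled:", address)
```

Checking the plan JSON rather than the .tf source also catches clusters whose log exports are set through variables or modules.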