Neptune Database Cluster Encryption Disabled
- Query id: 98d59056-f745-4ef5-8613-32bca8d40b7e
- Query name: Neptune Database Cluster Encryption Disabled
- Platform: Terraform
- Severity: High
- Category: Encryption
- CWE: 311
- URL: Github
Description
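Neptune database cluster storage should have encryption enabled: the storage_encrypted attribute of aws_neptune_cluster should be set to true. The samples below show the two flagged cases, the attribute missing and the attribute set to false.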
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
# Flagged: storage_encrypted is not set on this cluster.
resource "aws_neptune_cluster" "positive1" {
  cluster_identifier                  = "neptune-cluster-demo"
  engine                              = "neptune"
  backup_retention_period             = 5
  preferred_backup_window             = "07:00-09:00"
  skip_final_snapshot                 = true
  iam_database_authentication_enabled = true
  apply_immediately                   = true
}

# Flagged: storage encryption is explicitly disabled.
resource "aws_neptune_cluster" "positive2" {
  cluster_identifier                  = "neptune-cluster-demo"
  engine                              = "neptune"
  backup_retention_period             = 5
  preferred_backup_window             = "07:00-09:00"
  skip_final_snapshot                 = true
  iam_database_authentication_enabled = true
  apply_immediately                   = true
  storage_encrypted                   = false
}
Code samples without security vulnerabilities
Negative test num. 1 - tf file
# Not flagged: storage encryption is enabled.
resource "aws_neptune_cluster" "negative1" {
  cluster_identifier                  = "neptune-cluster-demo"
  engine                              = "neptune"
  backup_retention_period             = 5
  preferred_backup_window             = "07:00-09:00"
  skip_final_snapshot                 = true
  iam_database_authentication_enabled = true
  apply_immediately                   = true
  storage_encrypted                   = true
}