Neptune Cluster With IAM Database Authentication Disabled
- Query id: c91d7ea0-d4d1-403b-8fe1-c9961ac082c5
- Query name: Neptune Cluster With IAM Database Authentication Disabled
- Platform: Terraform
- Severity: High
- Category: Access Control
- CWE: 285
- URL: Github
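Description
Neptune clusters should have IAM database authentication enabled. An `aws_neptune_cluster` resource is flagged when `iam_database_authentication_enabled` is missing or set to `false`.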
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
resource "aws_neptune_cluster" "positive1" {
  cluster_identifier = "neptune-cluster-demo"
  engine = "neptune"
  backup_retention_period = 5
  preferred_backup_window = "07:00-09:00"
  skip_final_snapshot = true
  apply_immediately = true
  storage_encrypted = true
}

resource "aws_neptune_cluster" "positive2" {
  cluster_identifier = "neptune-cluster-demo"
  engine = "neptune"
  backup_retention_period = 5
  preferred_backup_window = "07:00-09:00"
  skip_final_snapshot = true
  iam_database_authentication_enabled = false
  apply_immediately = true
  storage_encrypted = true
}
Code samples without security vulnerabilities
Negative test num. 1 - tf file
resource "aws_neptune_cluster" "negative1" {
  cluster_identifier = "neptune-cluster-demo"
  engine = "neptune"
  backup_retention_period = 5
  preferred_backup_window = "07:00-09:00"
  skip_final_snapshot = true
  iam_database_authentication_enabled = true
  apply_immediately = true
  storage_encrypted = true
}
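
The check described above, written as a small stand-alone scanner. This is an added example, not the query's own implementation; the function names and the shortened sample input (adapted from the test cases on this page, with a `tags` line added) are assumptions made for illustration.

```python
import re

# Constructed sample, shortened from the positive and negative tests above.
SAMPLE_TF = '''
resource "aws_neptune_cluster" "positive1" {
  cluster_identifier = "neptune-cluster-demo"
  storage_encrypted = true
}

resource "aws_neptune_cluster" "positive2" {
  cluster_identifier = "neptune-cluster-demo"
  iam_database_authentication_enabled = false
}

resource "aws_neptune_cluster" "negative1" {
  cluster_identifier = "neptune-cluster-demo"
  iam_database_authentication_enabled = true
  tags = { Name = "demo" }
}
'''

HEADER = re.compile(r'resource\s+"aws_neptune_cluster"\s+"([^"]+)"\s*\{')
ATTR = re.compile(r'^\s*iam_database_authentication_enabled\s*=\s*(\S+)', re.M)

def block_body(text, start):
    """Return the text from start (just past '{') up to the matching '}'."""
    depth = 1  # braces inside strings or comments are not handled
    for i in range(start, len(text)):
        if text[i] == '{':
            depth += 1
        elif text[i] == '}':
            depth -= 1
            if depth == 0:
                return text[start:i]
    raise ValueError("unbalanced braces")

def find_violations(text):
    """Map resource name -> reason, for clusters without IAM auth enabled."""
    findings = {}
    for m in HEADER.finditer(text):
        body = block_body(text, m.end())
        attr = ATTR.search(body)
        if attr is None:
            findings[m.group(1)] = "attribute missing"
        elif attr.group(1) != "true":
            findings[m.group(1)] = "set to " + attr.group(1)
    return findings
```

Only the literal `true` passes; a value supplied through a variable or expression is reported so that it can be reviewed by hand.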