Ensure Neptune logging is enabled
Error: Neptune logging is not enabled
Bridgecrew PolicyID: BC_AWS_LOGGING_24
Checkov Check ID: CKV_AWS_101
Severity: HIGH
Description
Neptune cluster logs can be used to analyse traffic patterns and to troubleshoot security and operational issues.
It is recommended that you configure your cluster to export its logs to AWS CloudWatch.
Fix - Runtime
AWS Console
TBA
Fix - Buildtime
Terraform
- Resource: aws_neptune_cluster
- Argument: enable_cloudwatch_logs_exports

```hcl
resource "aws_neptune_cluster" "Pike" {
  cluster_identifier = var.DBClusterIdentifier
  ...
+ enable_cloudwatch_logs_exports = ["audit"]
}
```
CloudFormation
- Resource: AWS::Neptune::DBCluster
- Argument: Properties.EnableCloudwatchLogsExports

```yaml
Type: "AWS::Neptune::DBCluster"
Properties:
  ...
+ EnableCloudwatchLogsExports: ["audit"]
```
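The following is an added, stand-alone check that applies the same rule to parsed Terraform and CloudFormation resources; it is modelled on the intent of this policy and is not Checkov's own implementation of CKV_AWS_101. The input shapes (a dict of Terraform arguments, a dict with `Type`/`Properties` for CloudFormation) and the sample resources are constructed for the example.

```python
"""Stand-alone check for Neptune CloudWatch log exports (example, not Checkov's code)."""
from typing import Any, Dict, List

REQUIRED_LOG_TYPE = "audit"  # the log type the fixes on this page enable


def _exports(conf: Dict[str, Any], key: str) -> List[Any]:
    """Return the export list stored under `key`.

    Accepts a plain list (["audit"]) and the single-element wrapped form
    ([["audit"]]) that HCL-to-dict parsers commonly produce; anything else
    (missing key, null, a bare string) counts as "no exports configured".
    """
    value = conf.get(key)
    if isinstance(value, list) and len(value) == 1 and isinstance(value[0], list):
        value = value[0]
    return value if isinstance(value, list) else []


def check_terraform_neptune_cluster(conf: Dict[str, Any]) -> str:
    """Evaluate the argument block of an aws_neptune_cluster resource."""
    exports = _exports(conf, "enable_cloudwatch_logs_exports")
    return "PASSED" if REQUIRED_LOG_TYPE in exports else "FAILED"


def check_cfn_neptune_cluster(resource: Dict[str, Any]) -> str:
    """Evaluate an AWS::Neptune::DBCluster resource loaded from a template."""
    if resource.get("Type") != "AWS::Neptune::DBCluster":
        return "SKIPPED"  # hypothetical status: resource is out of scope
    props = resource.get("Properties") or {}
    exports = _exports(props, "EnableCloudwatchLogsExports")
    return "PASSED" if REQUIRED_LOG_TYPE in exports else "FAILED"


# Constructed samples mirroring the before/after snippets above.
TF_BEFORE = {"cluster_identifier": "pike"}
TF_AFTER = {"cluster_identifier": "pike",
            "enable_cloudwatch_logs_exports": ["audit"]}
CFN_BEFORE = {"Type": "AWS::Neptune::DBCluster", "Properties": {}}
CFN_AFTER = {"Type": "AWS::Neptune::DBCluster",
             "Properties": {"EnableCloudwatchLogsExports": ["audit"]}}

if __name__ == "__main__":
    print("terraform before:", check_terraform_neptune_cluster(TF_BEFORE))
    print("terraform after: ", check_terraform_neptune_cluster(TF_AFTER))
    print("cfn before:      ", check_cfn_neptune_cluster(CFN_BEFORE))
    print("cfn after:       ", check_cfn_neptune_cluster(CFN_AFTER))
```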