Ensure Neptune logging is enabled

Error: Neptune logging is not enabled

Bridgecrew PolicyID: BC_AWS_LOGGING_24
Checkov Check ID: CKV_AWS_101
Severity: HIGH

Description

These access logs can be used to analyze traffic patterns and troubleshoot security and operational issues.
Access logging is an optional feature of ELB that is disabled by default.
We recommend that your ELB has Access Logging Enabled.

Fix - Runtime

AWS Console

TBA

Fix - Buildtime

Terraform

  • Resource: aws_elb
  • Argument: access_logs

resource "aws_elb" "test" {
  name = "test-lb-tf"
  ...
+ access_logs {
+   bucket  = aws_s3_bucket.lb_logs.bucket
+   enabled = true
+ }
}

CloudFormation

  • Resource: AWS::Neptune::DBCluster
  • Argument: Properties.EnableCloudwatchLogsExports

Type: "AWS::Neptune::DBCluster"
Properties:
    ...
+   EnableCloudwatchLogsExports: ["audit"]
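
The CloudFormation condition above, written as a small pre-deployment check. This is an added example, not Bridgecrew or Checkov code: the function name and the sample template are constructed for illustration, and treating a non-list value (such as an unresolved intrinsic function) as failing is a choice made for this example.

```python
import json

# Constructed sample template (not from a real deployment).
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "GraphWithAudit": {
      "Type": "AWS::Neptune::DBCluster",
      "Properties": {"EnableCloudwatchLogsExports": ["audit"]}
    },
    "GraphNoLogs": {
      "Type": "AWS::Neptune::DBCluster",
      "Properties": {"StorageEncrypted": true}
    },
    "GraphEmptyExports": {
      "Type": "AWS::Neptune::DBCluster",
      "Properties": {"EnableCloudwatchLogsExports": []}
    },
    "GraphNoProperties": {"Type": "AWS::Neptune::DBCluster"},
    "LogBucket": {"Type": "AWS::S3::Bucket"}
  }
}
""")

REQUIRED_LOG_TYPE = "audit"


def neptune_clusters_without_audit_logs(template):
    """Return sorted logical IDs of Neptune clusters that do not export audit logs."""
    failing = []
    for logical_id, resource in (template.get("Resources") or {}).items():
        if not isinstance(resource, dict):
            continue
        if resource.get("Type") != "AWS::Neptune::DBCluster":
            continue  # other resource types are out of scope for this check
        props = resource.get("Properties") or {}
        exports = props.get("EnableCloudwatchLogsExports")
        # Missing, empty, or non-list values all count as failing here.
        if not isinstance(exports, list) or REQUIRED_LOG_TYPE not in exports:
            failing.append(logical_id)
    return sorted(failing)


if __name__ == "__main__":
    for name in neptune_clusters_without_audit_logs(SAMPLE_TEMPLATE):
        print(f"FAIL {name}: EnableCloudwatchLogsExports does not include 'audit'")
```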
