Ensure Neptune logging is enabled

Error: Neptune logging is not enabled

Bridgecrew PolicyID: BC_AWS_LOGGING_24
Checkov Check ID: CKV_AWS_101
Severity: HIGH

Neptune logging is not enabled

Description

Neptune can export its audit logs to Amazon CloudWatch Logs. These logs can be used to analyse traffic patterns and to troubleshoot security and operational issues.
It is recommended that you configure your cluster to export its logs to Amazon CloudWatch.

Fix - Runtime

AWS Console

TBA

Fix - Buildtime

Terraform

  • Resource: aws_neptune_cluster
  • Argument: enable_cloudwatch_logs_exports

resource "aws_neptune_cluster" "Pike" {
  cluster_identifier = var.DBClusterIdentifier
  ...
+ enable_cloudwatch_logs_exports = ["audit"]
}

CloudFormation

  • Resource: AWS::Neptune::DBCluster
  • Argument: Properties.EnableCloudwatchLogsExports

Type: "AWS::Neptune::DBCluster"
Properties:
  ...
+ EnableCloudwatchLogsExports: ["audit"]
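The following is an added example, not Checkov's own implementation of CKV_AWS_101, showing how the condition behind this policy can be evaluated against both the Terraform and the CloudFormation shapes shown above. It treats a cluster as compliant only when `enable_cloudwatch_logs_exports` / `EnableCloudwatchLogsExports` is a non-empty list that includes the `audit` log type (an assumption about the check's strictness, chosen to match the fix above); the resource names, sample template and helper names are constructed for illustration.

```python
"""Added example: a minimal evaluator for the CKV_AWS_101 condition.

Not Checkov's code. The strictness rule (a non-empty export list that
contains "audit") and all sample inputs below are assumptions made for
this illustration.
"""
from typing import Any, Dict

NEPTUNE_CFN_TYPE = "AWS::Neptune::DBCluster"
TF_ARGUMENT = "enable_cloudwatch_logs_exports"
CFN_PROPERTY = "EnableCloudwatchLogsExports"


def _evaluate_exports(exports: Any) -> str:
    """Core rule shared by both IaC formats.

    Missing, null, empty, or non-list values mean nothing is shipped to
    CloudWatch, so they fail. A bare string is tolerated as a one-item list.
    """
    if isinstance(exports, str):
        exports = [exports]
    if not isinstance(exports, list) or not exports:
        return "FAILED"
    return "PASSED" if "audit" in exports else "FAILED"


def evaluate_terraform(resource: Dict[str, Any]) -> str:
    """Evaluate one aws_neptune_cluster block given as a dict of arguments."""
    return _evaluate_exports(resource.get(TF_ARGUMENT))


def evaluate_cloudformation(resource: Dict[str, Any]) -> str:
    """Evaluate one CloudFormation resource; non-Neptune resources are skipped."""
    if resource.get("Type") != NEPTUNE_CFN_TYPE:
        return "SKIPPED"
    properties = resource.get("Properties") or {}
    return _evaluate_exports(properties.get(CFN_PROPERTY))


def scan_cloudformation(template: Dict[str, Any]) -> Dict[str, str]:
    """Return {logical_id: result} for every Neptune cluster in a template."""
    results = {}
    for logical_id, resource in (template.get("Resources") or {}).items():
        result = evaluate_cloudformation(resource)
        if result != "SKIPPED":
            results[logical_id] = result
    return results


def scan_terraform(resources: Dict[str, Dict[str, Any]]) -> Dict[str, str]:
    """Return {address: result} for entries keyed like "aws_neptune_cluster.Pike"."""
    return {
        address: evaluate_terraform(args)
        for address, args in resources.items()
        if address.startswith("aws_neptune_cluster.")
    }


# Constructed sample inputs (not from any real deployment).
SAMPLE_CFN_TEMPLATE = {
    "Resources": {
        "LoggedCluster": {
            "Type": NEPTUNE_CFN_TYPE,
            "Properties": {CFN_PROPERTY: ["audit"]},
        },
        "SilentCluster": {  # property absent entirely -> the finding this page describes
            "Type": NEPTUNE_CFN_TYPE,
            "Properties": {"DBClusterIdentifier": "pike"},
        },
        "EmptyListCluster": {  # present but empty -> still nothing exported
            "Type": NEPTUNE_CFN_TYPE,
            "Properties": {CFN_PROPERTY: []},
        },
        "NotACluster": {"Type": "AWS::S3::Bucket", "Properties": {}},
    }
}

SAMPLE_TF_RESOURCES = {
    "aws_neptune_cluster.Pike": {
        "cluster_identifier": "pike",
        TF_ARGUMENT: ["audit"],
    },
    "aws_neptune_cluster.Quiet": {"cluster_identifier": "quiet"},
    "aws_s3_bucket.logs": {"bucket": "example-logs"},
}


if __name__ == "__main__":
    for name, status in scan_cloudformation(SAMPLE_CFN_TEMPLATE).items():
        print(f"CloudFormation {name}: {status}")
    for address, status in scan_terraform(SAMPLE_TF_RESOURCES).items():
        print(f"Terraform {address}: {status}")
```

The two sample "failed" cases are worth keeping distinct in a real scanner: an absent property is the typical state of an unreviewed template, while an explicitly empty list usually means someone disabled export deliberately and should be asked why.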