Ensure Neptune logging is enabled

Error: Neptune logging is not enabled

Bridgecrew PolicyID: BC_AWS_LOGGING_24
Checkov Check ID: CKV_AWS_101
Severity: HIGH

Neptune logging is not enabled

Description

These logs can be used to analyse traffic patterns and troubleshoot security and operational issues.
It is recommended that you set your cluster to optionally export its' logs to AWS Cloudwatch.

Fix - Runtime

AWS Console

TBA

Fix - Buildtime

Terraform

Resource: aws_neptune_cluster
Argument: enable_cloudwatch_logs_exports

resource "aws_neptune_cluster" "Pike" {
  cluster_identifier   = var.DBClusterIdentifier
 
    ...
+ enable_cloudwatch_logs_exports      = ["audit"]
}

CloudFormation

Resource: AWS::Neptune::DBCluster
Argument: Properties.EnableCloudWatchLogExports

Type: "AWS::Neptune::DBCluster"
    Properties:
        ...
+       EnableCloudwatchLogsExports: ["audit"]

Updated 6 months ago