Neptune DB Cluster Should Have Backup Retention Check
More Info:
Checks whether the backup retention period of an Amazon Neptune DB cluster is set to a specific number of days. The rule is NON_COMPLIANT if the retention period is less than the value specified by the parameter.
Risk Level
Medium
Address
Configuration
Compliance Standards
CBP, SEBI
Triage and Remediation
Remediation
To remediate a Neptune DB cluster that fails the backup retention check using the AWS Management Console, follow these steps:
- Log in to the AWS Console: Go to the AWS Management Console (https://aws.amazon.com/console/) and log in using your credentials.
- Navigate to Amazon Neptune: Click on the “Services” dropdown in the top menu, then select “Neptune” under the Database section.
- Select Neptune DB Cluster: From the list of Neptune DB Clusters, click on the DB Cluster that you want to configure backup retention for.
- Modify Backup Retention: In the Neptune DB Cluster dashboard, click on the “Modify” button to change the configuration settings.
- Set Backup Retention Period: Scroll down to the “Backup” section and locate the “Backup Retention Period” setting. Set the desired backup retention period in days. Ensure that the checkbox for “Backup Retention” is checked.
- Apply Changes: Scroll to the bottom of the page and click on the “Continue” button.
- Review and Apply Changes: Review the changes you have made to the Neptune DB Cluster configuration. Once you are satisfied, click on the “Modify Cluster” button to apply the changes.
- Monitor Configuration Changes: After applying the changes, monitor the Neptune DB Cluster to ensure that the backup retention period is configured correctly.
Once these steps are complete, the Neptune DB cluster's backup retention period is set through the AWS Management Console.
To remediate a Neptune DB cluster that fails the backup retention check using the AWS CLI, follow these steps:
- Check Current Backup Retention Settings: Run the following AWS CLI command to check the current backup retention settings for your Neptune DB Cluster:
aws neptune describe-db-clusters --db-cluster-identifier YOUR_DB_CLUSTER_IDENTIFIER
- Update Backup Retention Period: Run the following AWS CLI command to modify the backup retention period for your Neptune DB Cluster. Replace YOUR_DB_CLUSTER_IDENTIFIER with the actual identifier of your Neptune DB Cluster and NEW_RETENTION_PERIOD with the desired retention period in days:
aws neptune modify-db-cluster --db-cluster-identifier YOUR_DB_CLUSTER_IDENTIFIER --backup-retention-period NEW_RETENTION_PERIOD
- Verify Backup Retention Settings: Run the following AWS CLI command to verify that the backup retention period has been updated successfully:
aws neptune describe-db-clusters --db-cluster-identifier YOUR_DB_CLUSTER_IDENTIFIER
- Enable Automated Backups (if not already enabled): If automated backups are not already enabled for your Neptune DB Cluster, you can enable them using the following AWS CLI command:
aws neptune modify-db-cluster --db-cluster-identifier YOUR_DB_CLUSTER_IDENTIFIER --backup-retention-period NEW_RETENTION_PERIOD --preferred-backup-window PREFERRED_BACKUP_WINDOW
- Monitor Backup Retention: Regularly monitor the backup retention settings for your Neptune DB Cluster to ensure that the configured retention period meets your data protection and compliance requirements.
Once these steps are complete, the Neptune DB cluster's backup retention period is set through the AWS CLI.
To remediate a Neptune DB cluster that fails the backup retention check using Python, follow these steps:
- Install the AWS SDK for Python (Boto3) if you haven’t already. You can install it using pip:
pip install boto3
- Create a Python script with the following code to enable backup retention for your Neptune DB Cluster:
import boto3

# Define the AWS region where your Neptune DB Cluster is located
region = 'your_region'
# Define the name of your Neptune DB Cluster
cluster_identifier = 'your_neptune_cluster_identifier'

# Create a Neptune client
client = boto3.client('neptune', region_name=region)

# Enable backup retention for the Neptune DB Cluster
response = client.modify_db_cluster(
    DBClusterIdentifier=cluster_identifier,
    BackupRetentionPeriod=7  # Specify the number of days to retain backups
)
print("Backup retention enabled for Neptune DB Cluster: {}".format(cluster_identifier))
- Replace 'your_region' with the AWS region where your Neptune DB Cluster is located and 'your_neptune_cluster_identifier' with the actual name of your Neptune DB Cluster.
- Run the Python script. After successful execution, the backup retention period for your Neptune DB Cluster will be set to the specified number of days (in this case, 7 days).
Once these steps are complete, the Neptune DB cluster's backup retention period is set through Python.
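The compliance rule described under "More Info" can be applied to every cluster in a region before anything is modified. The following is an added example, not code from the original page. The 7-day threshold, the function names and the sample cluster records are assumptions made for illustration.

```python
# Added example: audit Neptune clusters against a minimum backup retention period.
MIN_RETENTION_DAYS = 7  # assumed threshold; use the value your policy requires

# Constructed sample shaped like the "DBClusters" list from describe_db_clusters.
SAMPLE_CLUSTERS = [
    {"DBClusterIdentifier": "graph-prod", "Engine": "neptune", "BackupRetentionPeriod": 14},
    {"DBClusterIdentifier": "graph-dev", "Engine": "neptune", "BackupRetentionPeriod": 1},
    {"DBClusterIdentifier": "orders-db", "Engine": "aurora-mysql", "BackupRetentionPeriod": 1},
    {"DBClusterIdentifier": "graph-odd", "Engine": "neptune"},  # field missing
]


def evaluate(clusters, min_days=MIN_RETENTION_DAYS):
    """Return {cluster_id: retention} for Neptune clusters below min_days."""
    findings = {}
    for cluster in clusters:
        if cluster.get("Engine") != "neptune":
            continue  # the shared API can also return non-Neptune clusters
        retention = cluster.get("BackupRetentionPeriod", 0)  # missing counts as 0
        if retention < min_days:
            findings[cluster["DBClusterIdentifier"]] = retention
    return findings


def list_clusters(region):
    """Fetch every Neptune cluster in a region (needs boto3 and credentials)."""
    import boto3  # imported lazily so evaluate() works without the SDK
    client = boto3.client("neptune", region_name=region)
    pages = client.get_paginator("describe_db_clusters").paginate(
        Filters=[{"Name": "engine", "Values": ["neptune"]}])
    return [c for page in pages for c in page["DBClusters"]]


def remediate(region, findings, min_days=MIN_RETENTION_DAYS, dry_run=True):
    """Raise retention on each flagged cluster; returns the ids selected."""
    if not dry_run:
        import boto3
        client = boto3.client("neptune", region_name=region)
        for cluster_id in findings:
            client.modify_db_cluster(DBClusterIdentifier=cluster_id,
                                     BackupRetentionPeriod=min_days,
                                     ApplyImmediately=True)
    return sorted(findings)


if __name__ == "__main__":
    print(evaluate(SAMPLE_CLUSTERS))
```

Against a live account, pass `list_clusters(region)` to `evaluate()` and review the findings before calling `remediate()` with `dry_run=False`.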