More Info:

This rule checks if an Amazon Neptune cluster has AWS Identity and Access Management (IAM) database authentication enabled. It marks the rule as NON_COMPLIANT if an Amazon Neptune cluster does not have IAM database authentication enabled.

Risk Level

Medium

Address

Security

Compliance Standards

CBP

Triage and Remediation

Remediation

Using Console

To remediate the misconfiguration (IAM Database Authentication not being enabled for Neptune Clusters in AWS RDS) using the AWS console, follow these steps:
  1. Log in to the AWS Console.
  2. Navigate to RDS Service:
    • In the AWS Management Console, search for “RDS” in the search bar or locate the “Database” section.
    • Click on “RDS” to open the Amazon Relational Database Service dashboard.
  3. Select the Neptune Cluster:
    • From the list of RDS database instances, locate and select the Neptune Cluster for which you want to enable IAM Database Authentication.
  4. Modify the Cluster:
    • In the Neptune Cluster dashboard, click on the “Modify” button to change the cluster settings.
  5. Enable IAM Database Authentication:
    • Scroll down to the “Additional configuration” section in the Modify Cluster page.
    • Look for the “IAM Database Authentication” option and check the box to enable it.
  6. Apply Changes:
    • Scroll to the bottom of the page and click on the “Continue” button.
  7. Review and Apply Changes:
    • Review the changes you are about to make to the Neptune Cluster configuration.
    • If everything looks correct, click on the “Modify cluster” button to apply the changes.
  8. Wait for Modification to Complete:
    • The modification process may take some time to complete. Monitor the status of the modification in the RDS console.
  9. Verify IAM Database Authentication:
    • Once the modification is complete, go back to the Neptune Cluster dashboard.
    • Verify that IAM Database Authentication is now enabled for the cluster.
By following these steps, you can successfully remediate the misconfiguration of Neptune Clusters IAM Database Authentication not being enabled for AWS RDS using the AWS console.

To remediate the misconfiguration (IAM Database Authentication should be enabled for AWS RDS Neptune Clusters) using the AWS CLI, follow these steps:
  1. Enable IAM Database Authentication for the Neptune Cluster: Run the following AWS CLI command to modify the Neptune Cluster so that IAM Database Authentication is enabled:
    aws neptune modify-db-cluster --db-cluster-identifier YOUR_DB_CLUSTER_IDENTIFIER --enable-iam-database-authentication
    
    Replace YOUR_DB_CLUSTER_IDENTIFIER with the identifier of your Neptune Cluster.
  2. Wait for the Modification to Complete: The modification process may take some time to complete. You can check the status of the modification by running the following command:
    aws neptune describe-db-clusters --db-cluster-identifier YOUR_DB_CLUSTER_IDENTIFIER --query 'DBClusters[0].IAMDatabaseAuthenticationEnabled'
    
    Replace YOUR_DB_CLUSTER_IDENTIFIER with the identifier of your Neptune Cluster. Wait until the value returned is true.
  3. Verify IAM Database Authentication: You can verify that IAM Database Authentication has been enabled for your Neptune Cluster by running the following command:
    aws neptune describe-db-clusters --db-cluster-identifier YOUR_DB_CLUSTER_IDENTIFIER --query 'DBClusters[0].IAMDatabaseAuthenticationEnabled'
    
    Replace YOUR_DB_CLUSTER_IDENTIFIER with the identifier of your Neptune Cluster. The value returned should be true.
By following these steps, you can remediate the misconfiguration by enabling IAM Database Authentication for your AWS RDS Neptune Cluster using the AWS CLI.

To remediate the misconfiguration of IAM Database Authentication not being enabled for Neptune Clusters in AWS RDS using Python, follow these steps:
  1. Install the AWS SDK for Python (Boto3) if you haven’t already:
pip install boto3
  2. Use the following Python script to enable IAM Database Authentication for Neptune Clusters in AWS RDS:
import boto3

# Initialize the Neptune client (Neptune clusters are modified through the
# neptune API, not the rds API)
neptune_client = boto3.client('neptune')

# Specify the name of the Neptune Cluster
neptune_cluster_identifier = 'your-neptune-cluster-identifier'

# Enable IAM Database Authentication for the specified Neptune Cluster.
# The request parameter is EnableIAMDatabaseAuthentication; the similarly named
# IAMDatabaseAuthenticationEnabled is the field reported back by describe-db-clusters.
response = neptune_client.modify_db_cluster(
    DBClusterIdentifier=neptune_cluster_identifier,
    EnableIAMDatabaseAuthentication=True,
    ApplyImmediately=True  # apply now rather than at the next maintenance window
)

print(f"IAM Database Authentication has been enabled for Neptune Cluster: {neptune_cluster_identifier}")
  3. Replace 'your-neptune-cluster-identifier' with the actual identifier of your Neptune Cluster.
  4. Run the Python script. This will enable IAM Database Authentication for the specified Neptune Cluster in AWS RDS.
By following these steps, you will successfully remediate the misconfiguration of IAM Database Authentication not being enabled for Neptune Clusters in AWS RDS using Python.
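As an added example (not code from this page or from any vendor tool), the rule described under More Info and the Python remediation above combined into one script: evaluate_clusters() scores describe-db-clusters records the way the rule does, while fetch_clusters() and remediate() wrap the boto3 neptune client. The region name, cluster identifiers and sample records are constructed assumptions, and remediate() defaults to a dry run.

```python
from typing import Dict, List

COMPLIANT, NON_COMPLIANT = "COMPLIANT", "NON_COMPLIANT"

def evaluate_clusters(clusters: List[Dict]) -> Dict[str, str]:
    """Score records shaped like describe-db-clusters output against the rule.
    Only Engine == "neptune" clusters are in scope; COMPLIANT requires
    IAMDatabaseAuthenticationEnabled to be exactly True (missing key = disabled).
    """
    results = {}
    for cluster in clusters:
        if cluster.get("Engine") != "neptune":
            continue  # non-Neptune clusters are out of scope for this rule
        enabled = cluster.get("IAMDatabaseAuthenticationEnabled") is True
        results[cluster["DBClusterIdentifier"]] = COMPLIANT if enabled else NON_COMPLIANT
    return results

def noncompliant_ids(results: Dict[str, str]) -> List[str]:
    """Identifiers that need remediation, in a stable order."""
    return sorted(i for i, status in results.items() if status == NON_COMPLIANT)

def fetch_clusters(region_name: str) -> List[Dict]:
    """Page through the Neptune API with boto3 (needs AWS credentials)."""
    import boto3  # imported lazily so the evaluation logic above runs offline
    client = boto3.client("neptune", region_name=region_name)
    pages = client.get_paginator("describe_db_clusters").paginate()
    return [c for page in pages for c in page["DBClusters"]]

def remediate(region_name: str, identifiers: List[str], dry_run: bool = True) -> List[str]:
    """Enable IAM DB authentication on each cluster; dry_run only reports."""
    if not dry_run:
        import boto3
        client = boto3.client("neptune", region_name=region_name)
        for ident in identifiers:  # ApplyImmediately avoids waiting for the maintenance window
            client.modify_db_cluster(DBClusterIdentifier=ident,
                                     EnableIAMDatabaseAuthentication=True, ApplyImmediately=True)
    return identifiers

# Constructed sample shaped like describe-db-clusters output; not real clusters.
SAMPLE_CLUSTERS = [
    {"DBClusterIdentifier": "graph-prod", "Engine": "neptune", "IAMDatabaseAuthenticationEnabled": True},
    {"DBClusterIdentifier": "graph-dev", "Engine": "neptune"},
    {"DBClusterIdentifier": "orders-aurora", "Engine": "aurora-postgresql", "IAMDatabaseAuthenticationEnabled": False},
]

if __name__ == "__main__":
    findings = evaluate_clusters(SAMPLE_CLUSTERS)  # swap in fetch_clusters("us-east-1") for a live check
    print(findings, "to remediate:", remediate("us-east-1", noncompliant_ids(findings)))
```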