AWS CloudFormation Guard rules for Amazon Neptune resources
The following rules are included:
# Collect every resource in the template whose Type is AWS::Neptune::DBCluster.
# The rules in this file run their checks against this set and are skipped
# when it is empty.
let neptune_dbclusters = Resources.*[
    Type == "AWS::Neptune::DBCluster"
]
# Encryption at rest: every Neptune DB cluster must set StorageEncrypted to true.
# The rule is only evaluated when the template declares at least one cluster.
rule neptune_encryption_at_rest when %neptune_dbclusters !empty {
    %neptune_dbclusters {
        Properties {
            # An omitted property is reported separately from an explicit
            # "false", so the finding tells the author which case applies.
            StorageEncrypted exists <<StorageEncrypted is not configured. (i.e. disabled)>>
            # The value check runs only when the property is present, which
            # avoids a second failure message for the same missing key.
            when StorageEncrypted exists {
                # NOTE(review): the comparison is against the boolean literal
                # true; a value written as the string "true" or supplied
                # through an intrinsic function (e.g. Ref to a parameter) may
                # not satisfy it. Confirm against the Guard version in use.
                # NOTE(review): the rule does not look at KmsKeyId, so it does
                # not distinguish a customer-managed key from the default key.
                StorageEncrypted == true <<StorageEncrypted is disabled.>>
            }
        }
    }
}
# Audit logging: every Neptune DB cluster must list "audit" in
# EnableCloudwatchLogsExports. Evaluated only when the template declares at
# least one cluster.
rule neptune_audit_logs_enabled when %neptune_dbclusters !empty {
    %neptune_dbclusters {
        Properties {
            # A missing export list fails with its own message.
            EnableCloudwatchLogsExports exists <<EnableCloudwatchLogsExports is not configured. (i.e. disabled)>>
            when EnableCloudwatchLogsExports exists {
                # "some" passes as soon as one list element equals "audit";
                # other log types in the list are neither required nor rejected.
                # NOTE(review): this checks the export setting only. It does not
                # inspect the DB cluster parameter group, where Neptune audit
                # logging itself is switched on (neptune_enable_audit_log).
                # Confirm that setting is covered by another control.
                some EnableCloudwatchLogsExports[*] == "audit" <<Audit logs is disabled.>>
            }
        }
    }
}
# Backup retention: every Neptune DB cluster must set BackupRetentionPeriod
# to 7 or more. Evaluated only when the template declares at least one cluster.
rule neptune_backup_retention_period when %neptune_dbclusters !empty {
    %neptune_dbclusters {
        Properties {
            # An omitted property is a failure: per the message below, the
            # service default of 1 is under the threshold this rule enforces.
            BackupRetentionPeriod exists <<BackupRetentionPeriod is not configured. (i.e. default is 1)>>
            when BackupRetentionPeriod exists {
                # The 7-day minimum is hard-coded here; change the literal to
                # match the organisation's recovery policy.
                # NOTE(review): the comparison is numeric; a value supplied as a
                # string or through an intrinsic function may not satisfy it.
                # Confirm against the Guard version in use.
                BackupRetentionPeriod >= 7 <<BackupRetentionPeriod is set to less than 7 days.>>
            }
        }
    }
}
# Deletion protection: every Neptune DB cluster must set DeletionProtection
# to true. Evaluated only when the template declares at least one cluster.
rule neptune_deletion_protection when %neptune_dbclusters !empty {
    %neptune_dbclusters {
        Properties {
            # An omitted property is reported separately from an explicit
            # "false", so the finding tells the author which case applies.
            DeletionProtection exists <<DeletionProtection is not configured. (i.e. disabled)>>
            when DeletionProtection exists {
                # NOTE(review): the comparison is against the boolean literal
                # true; a value written as the string "true" or supplied
                # through an intrinsic function may not satisfy it. Confirm
                # against the Guard version in use.
                DeletionProtection == true <<DeletionProtection is disabled.>>
            }
        }
    }
}