DMS endpoints for Neptune databases should have IAM authorization enabled
Description
This control checks whether an AWS DMS endpoint for an Amazon Neptune database is configured with IAM authorization. The control fails if the DMS endpoint doesn't have IAM authorization enabled. AWS Identity and Access Management (IAM) provides fine-grained access control across AWS: with IAM you specify who can access which services and resources, and under which conditions, and with IAM policies you manage permissions for your workforce and systems so that each holds only the least-privilege permissions it needs. When IAM authorization is enabled on a DMS endpoint for Neptune, DMS signs its requests to the database with the service role specified by the ServiceAccessRoleARN parameter (ServiceAccessRoleArn inside the endpoint's NeptuneSettings, together with IamAuthEnabled set to true), so access to the graph is granted and audited through IAM rather than through an unauthenticated connection. Two points worth knowing: DMS supports Neptune only as a migration target, and a Neptune cluster with IAM database authentication turned on rejects unsigned requests, so an endpoint without IamAuthEnabled cannot write to such a cluster at all.
Remediation
Enable IAM authorization for your DMS endpoints that connect to Neptune databases to ensure fine-grained access control.
Steps
- Open the AWS DMS console and go to the Endpoints section
- Select the Neptune endpoint that needs IAM authorization (filter on the engine column; Neptune endpoints are always target endpoints)
- Choose Modify to edit the endpoint configuration
- In the 'Authentication' section, enable 'IAM database authentication' (this sets IamAuthEnabled to true in the endpoint's NeptuneSettings)
- Set the 'Service access role ARN' parameter (ServiceAccessRoleArn) to the IAM role DMS should use when connecting to Neptune
- Ensure that role trusts dms.amazonaws.com and is allowed the neptune-db data-plane actions on the target cluster's resource ARN, plus read/write access to the S3 bucket and folder the endpoint uses to stage data; scope it to that cluster and bucket rather than a wildcard resource
- Save the configuration changes
- Verify that IAM authorization is now enabled: run aws dms describe-endpoints for the endpoint and confirm that NeptuneSettings.IamAuthEnabled is true and ServiceAccessRoleArn is populated, then use Test connection on the endpoint to confirm DMS can still reach the cluster
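The following script is an added example, not part of this control's documentation or of any AWS tooling. It runs offline against a constructed sample shaped like `aws dms describe-endpoints` output (the endpoint identifiers, ARNs, bucket and role names are placeholders), flags every Neptune endpoint whose NeptuneSettings lack IamAuthEnabled, and builds the arguments for the DMS modify-endpoint call that turns it on. The check goes slightly beyond the control by also flagging a missing ServiceAccessRoleArn, since IAM authorization cannot work without a role to sign with, and the remediation carries the existing S3BucketName and S3BucketFolder over because NeptuneSettings is replaced as a whole and both fields are required by the API.

```python
"""Audit AWS DMS Neptune endpoints for IAM authorization and build the fix.

Runs offline against a constructed sample shaped like `aws dms describe-endpoints`
output; feed it live output (or a boto3 response) to audit a real account.
"""
from __future__ import annotations

import json
from typing import Any

# Constructed sample: the shape of `aws dms describe-endpoints` output, trimmed to
# the fields the check needs. ARNs, bucket and role names are placeholders.
SAMPLE_DESCRIBE_ENDPOINTS: dict[str, Any] = {
    "Endpoints": [
        {
            "EndpointIdentifier": "neptune-target-prod",
            "EndpointArn": "arn:aws:dms:us-east-1:111122223333:endpoint:EXAMPLEAAAA",
            "EndpointType": "TARGET",
            "EngineName": "neptune",
            "NeptuneSettings": {
                "ServiceAccessRoleArn": "arn:aws:iam::111122223333:role/dms-neptune-access",
                "S3BucketName": "dms-neptune-staging-example",
                "S3BucketFolder": "neptune/",
                "IamAuthEnabled": True,
            },
        },
        {
            "EndpointIdentifier": "neptune-target-dev",
            "EndpointArn": "arn:aws:dms:us-east-1:111122223333:endpoint:EXAMPLEBBBB",
            "EndpointType": "TARGET",
            "EngineName": "neptune",
            "NeptuneSettings": {
                "S3BucketName": "dms-neptune-staging-example",
                "S3BucketFolder": "neptune/",
                "IamAuthEnabled": False,
            },
        },
        {
            "EndpointIdentifier": "postgres-source",
            "EndpointArn": "arn:aws:dms:us-east-1:111122223333:endpoint:EXAMPLECCCC",
            "EndpointType": "SOURCE",
            "EngineName": "postgres",
        },
    ]
}


def evaluate_endpoint(endpoint: dict[str, Any]) -> dict[str, Any]:
    """Return a finding for one Neptune endpoint: PASSED only if IAM auth is on
    and a service access role is configured for DMS to sign requests with."""
    settings = endpoint.get("NeptuneSettings") or {}
    reasons: list[str] = []
    if settings.get("IamAuthEnabled") is not True:
        reasons.append("NeptuneSettings.IamAuthEnabled is not true")
    if not settings.get("ServiceAccessRoleArn"):
        reasons.append("NeptuneSettings.ServiceAccessRoleArn is not set")
    return {
        "EndpointIdentifier": endpoint.get("EndpointIdentifier"),
        "EndpointArn": endpoint.get("EndpointArn"),
        "Status": "PASSED" if not reasons else "FAILED",
        "Reasons": reasons,
    }


def audit_neptune_endpoints(describe_output: dict[str, Any]) -> list[dict[str, Any]]:
    """Evaluate every endpoint whose engine is Neptune; other engines are out of scope."""
    return [
        evaluate_endpoint(ep)
        for ep in describe_output.get("Endpoints", [])
        if ep.get("EngineName", "").lower() == "neptune"
    ]


def build_modify_endpoint_request(endpoint: dict[str, Any], service_access_role_arn: str) -> dict[str, Any]:
    """Build the keyword arguments for boto3 `dms.modify_endpoint` (the same JSON goes
    to `aws dms modify-endpoint --neptune-settings`) that turn IAM authorization on.

    NeptuneSettings is replaced as a whole, so the existing S3 staging bucket and
    folder (both required by the API) are carried over instead of being dropped.
    """
    current = endpoint.get("NeptuneSettings") or {}
    missing = [k for k in ("S3BucketName", "S3BucketFolder") if not current.get(k)]
    if missing:
        raise ValueError(f"cannot remediate {endpoint.get('EndpointIdentifier')}: missing {missing}")
    new_settings = dict(current)
    new_settings["IamAuthEnabled"] = True
    new_settings["ServiceAccessRoleArn"] = service_access_role_arn
    return {"EndpointArn": endpoint["EndpointArn"], "NeptuneSettings": new_settings}


if __name__ == "__main__":
    # Placeholder role ARN; in a real run this is the role described in the steps above.
    ROLE_ARN = "arn:aws:iam::111122223333:role/dms-neptune-access"
    by_arn = {ep["EndpointArn"]: ep for ep in SAMPLE_DESCRIBE_ENDPOINTS["Endpoints"]}
    for finding in audit_neptune_endpoints(SAMPLE_DESCRIBE_ENDPOINTS):
        print(json.dumps(finding))
        if finding["Status"] == "FAILED":
            request = build_modify_endpoint_request(by_arn[finding["EndpointArn"]], ROLE_ARN)
            # To apply for real: boto3.client("dms").modify_endpoint(**request)
            print("modify_endpoint request:", json.dumps(request))
```

Replace the sample with `aws dms describe-endpoints --output json` from the account under review; the findings list then corresponds to what this control would report, and the printed request is what to pass to modify-endpoint once the role exists and is scoped to the cluster and bucket.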