Low Neptune Regional

Neptune DB clusters should be configured to copy tags to snapshots

NIST 800-53

Description

This control checks whether a Neptune DB cluster is configured to copy all tags to snapshots when the snapshots are created. The control fails if a Neptune DB cluster isn't configured to copy tags to snapshots.

Identification and inventory of your IT assets is a crucial aspect of governance and security. You should tag snapshots in the same way as their parent Amazon RDS database clusters. Copying tags ensures that the metadata for the DB snapshots matches that of the parent database clusters, and that access policies for the DB snapshot also match those of the parent DB cluster.


Remediation

To remediate a Neptune DB cluster that does not copy tags to snapshots, enable the setting on the cluster.

Steps

  1. Navigate to the Amazon Neptune console
  2. Select the DB cluster that needs remediation
  3. Click on 'Modify' to edit the cluster configuration
  4. In the 'Backup' section, locate 'Copy tags to snapshots'
  5. Enable 'Copy tags to snapshots' by checking the box
  6. Review the tagging configuration
  7. Apply the changes during the next maintenance window or immediately
  8. Verify that copy tags to snapshots is enabled in the cluster details
  9. Create a test snapshot to verify tags are copied
  10. Update any documentation or processes that reference snapshot tagging
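
The same check and fix can be scripted across every cluster in a region. The following is an added example, not part of the original control text: it assumes boto3's `neptune` client, and the function names are illustrative.

```python
"""Audit and remediate CopyTagsToSnapshot on Neptune clusters (added example)."""

def neptune_clusters(client):
    """Yield every Neptune cluster, following Marker pagination by hand."""
    # The shared describe call can also return other engines, so filter twice.
    kwargs = {"Filters": [{"Name": "engine", "Values": ["neptune"]}]}
    while True:
        page = client.describe_db_clusters(**kwargs)
        for cluster in page.get("DBClusters", []):
            if cluster.get("Engine") == "neptune":
                yield cluster
        if not page.get("Marker"):
            return
        kwargs["Marker"] = page["Marker"]

def failing_clusters(client):
    """Identifiers of clusters that would fail this control."""
    return [c["DBClusterIdentifier"] for c in neptune_clusters(client)
            if not c.get("CopyTagsToSnapshot", False)]

def remediate(client, apply_immediately=True):
    """Steps 1-7: enable the setting on each failing cluster."""
    fixed = []
    for cluster_id in failing_clusters(client):
        client.modify_db_cluster(DBClusterIdentifier=cluster_id,
                                 CopyTagsToSnapshot=True,
                                 ApplyImmediately=apply_immediately)
        fixed.append(cluster_id)
    return fixed

def missing_snapshot_tags(client, cluster_arn, snapshot_arn):
    """Step 9: cluster tags that a test snapshot did not inherit."""
    def tags(arn):
        tag_list = client.list_tags_for_resource(ResourceName=arn)["TagList"]
        # Assumption: AWS-reserved aws:* tags are left out of the comparison.
        return {t["Key"]: t["Value"] for t in tag_list
                if not t["Key"].startswith("aws:")}
    cluster, snapshot = tags(cluster_arn), tags(snapshot_arn)
    return {k: v for k, v in cluster.items() if snapshot.get(k) != v}

if __name__ == "__main__":
    import boto3  # imported here so the functions can be exercised offline
    neptune = boto3.client("neptune")
    print("non-compliant clusters:", failing_clusters(neptune))
    # Uncomment to apply the change to every failing cluster:
    # print("remediated:", remediate(neptune))
```

An empty result from `missing_snapshot_tags` for a snapshot taken after the change confirms that the cluster's tags were copied.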

Compliance

NIST 800-53