Low Neptune Regional

Neptune DB clusters should have deletion protection enabled

NIST 800-53

Description

This control checks if a Neptune DB cluster has deletion protection enabled. The control fails if a Neptune DB cluster doesn't have deletion protection enabled. Enabling cluster deletion protection offers an additional layer of protection against accidental database deletion or deletion by an unauthorized user. A Neptune DB cluster can't be deleted while deletion protection is enabled. You must first disable deletion protection before a delete request can succeed.


Remediation

To remediate Neptune DB clusters without deletion protection enabled, you need to enable deletion protection for the cluster.

Steps

  1. Navigate to the Amazon Neptune console
  2. Select the DB cluster that needs remediation
  3. Click on 'Modify' to edit the cluster configuration
  4. In the 'Backup' section, locate 'Deletion protection'
  5. Enable 'Deletion protection' by checking the box
  6. Review the deletion protection settings
  7. Apply the changes during the next maintenance window or immediately
  8. Verify that deletion protection is enabled in the cluster details
  9. Test that the cluster cannot be deleted while protection is enabled
  10. Document the change and inform relevant team members
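The same check and remediation, scripted against the Neptune API rather than clicked through the console. This is an added example, not code from the control page or from AWS; it uses the real boto3 operations `describe_db_clusters` and `modify_db_cluster` (with the `DeletionProtection` and `ApplyImmediately` parameters), but ships with a constructed in-memory fake client and constructed cluster names (`graph-prod`, `graph-staging`, `graph-dev`) so it runs offline. Swap `boto3.client("neptune")` in for `sample_client()` to run it against a real account.

```python
"""Detect and remediate Neptune DB clusters that lack deletion protection.

Added example; not part of the original control page. The API calls and
response shapes match boto3's Neptune client; the FakeNeptuneClient below is a
constructed stand-in so the script can run without AWS credentials.
"""
from typing import Any, Dict, List


def find_unprotected_clusters(client: Any) -> List[str]:
    """Return identifiers of every cluster whose DeletionProtection is False.

    Walks the paginated describe_db_clusters response via the Marker token,
    which is how the Neptune API pages its results; a cluster missing the key
    altogether is treated as unprotected (fail closed).
    """
    unprotected: List[str] = []
    kwargs: Dict[str, Any] = {}
    while True:
        page = client.describe_db_clusters(**kwargs)
        for cluster in page.get("DBClusters", []):
            if not cluster.get("DeletionProtection", False):
                unprotected.append(cluster["DBClusterIdentifier"])
        marker = page.get("Marker")
        if not marker:
            return unprotected
        kwargs = {"Marker": marker}


def enable_deletion_protection(client: Any, cluster_id: str,
                               apply_immediately: bool = True) -> bool:
    """Enable deletion protection on one cluster and verify it took effect.

    apply_immediately=False defers the change to the next maintenance window
    (the choice the console offers in step 7); in that case re-run this
    verification after the window if it returns False.
    """
    client.modify_db_cluster(
        DBClusterIdentifier=cluster_id,
        DeletionProtection=True,
        ApplyImmediately=apply_immediately,
    )
    # Step 8: re-read the cluster instead of trusting the modify response.
    resp = client.describe_db_clusters(DBClusterIdentifier=cluster_id)
    return bool(resp["DBClusters"][0].get("DeletionProtection", False))


def remediate_all(client: Any) -> Dict[str, bool]:
    """Run the check, then enable protection on every failing cluster."""
    return {cid: enable_deletion_protection(client, cid)
            for cid in find_unprotected_clusters(client)}


class FakeNeptuneClient:
    """Constructed stand-in for boto3.client('neptune'), with paging."""

    def __init__(self, clusters: List[Dict[str, Any]], page_size: int = 2):
        self._clusters = clusters
        self._page_size = page_size

    def describe_db_clusters(self, **kwargs: Any) -> Dict[str, Any]:
        if "DBClusterIdentifier" in kwargs:
            wanted = kwargs["DBClusterIdentifier"]
            return {"DBClusters": [c for c in self._clusters
                                   if c["DBClusterIdentifier"] == wanted]}
        start = int(kwargs.get("Marker", "0"))
        end = start + self._page_size
        page: Dict[str, Any] = {"DBClusters": self._clusters[start:end]}
        if end < len(self._clusters):
            page["Marker"] = str(end)  # more pages remain
        return page

    def modify_db_cluster(self, **kwargs: Any) -> Dict[str, Any]:
        for c in self._clusters:
            if c["DBClusterIdentifier"] == kwargs["DBClusterIdentifier"]:
                c["DeletionProtection"] = kwargs["DeletionProtection"]
                return {"DBCluster": dict(c)}
        # The real client raises DBClusterNotFoundFault here.
        raise KeyError(kwargs["DBClusterIdentifier"])


def sample_client() -> FakeNeptuneClient:
    """Constructed inventory: three clusters, two failing the control."""
    return FakeNeptuneClient([
        {"DBClusterIdentifier": "graph-prod", "DeletionProtection": True},
        {"DBClusterIdentifier": "graph-staging", "DeletionProtection": False},
        {"DBClusterIdentifier": "graph-dev", "DeletionProtection": False},
    ])


if __name__ == "__main__":
    client = sample_client()
    print("non-compliant:", find_unprotected_clusters(client))
    print("remediated:", remediate_all(client))
    print("remaining:", find_unprotected_clusters(client))
```

Once the flag is set, a `delete_db_cluster` call on that cluster is rejected with `InvalidDBClusterStateFault` until deletion protection is disabled again, which is the behaviour step 9 asks you to confirm; the verification here stops at re-reading the flag so the script never issues a delete.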

Compliance

NIST 800-53