Critical
Neptune
Regional
Neptune DB cluster snapshots should not be public
NIST 800-53, PCI DSS v4.0.1, PCI DSS v1.4.4
Description
This control checks whether a Neptune manual DB cluster snapshot is public. The control fails if a Neptune manual DB cluster snapshot is public. A Neptune DB cluster manual snapshot should not be public unless that is intended. If you share an unencrypted manual snapshot as public, the snapshot can be restored by every AWS account. Public snapshots may result in unintended data exposure.
Remediation
To remediate Neptune DB cluster snapshots that are public, you need to make them private.
Steps
- Navigate to the Amazon Neptune console
- Go to 'Snapshots' in the left navigation pane
- Select the public snapshot that needs remediation
- Choose 'Actions' and select 'Modify snapshot permissions'
- In the 'Snapshot permissions' dialog, remove 'Public' access
- Ensure only the specific AWS account IDs that need restore access are listed
- Review the access permissions carefully
- Choose 'Save' to apply the changes
- Verify that the snapshot is no longer publicly accessible
- Test access from a different AWS account to confirm the snapshot is private
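The same check and fix, scripted rather than clicked through the console, as an added example that is not part of this control's text. It uses the Neptune API's 'restore' snapshot attribute, where the value 'all' is what "Public" means; it assumes a boto3-style Neptune client (in real use boto3.client("neptune")), and the FakeNeptune class and its account IDs are constructed stand-ins so the logic runs offline.

```python
"""Find public Neptune manual DB cluster snapshots and make them private."""
# Added example; the client is a hypothetical boto3-style object passed in so the
# logic can be exercised against the constructed FakeNeptune below.

PUBLIC_MARKER = "all"  # 'restore' attribute value meaning "any AWS account may restore"


def restore_accounts(client, snapshot_id):
    """Return the account IDs (and possibly 'all') on the snapshot's 'restore' attribute."""
    resp = client.describe_db_cluster_snapshot_attributes(
        DBClusterSnapshotIdentifier=snapshot_id)
    for attr in resp["DBClusterSnapshotAttributesResult"]["DBClusterSnapshotAttributes"]:
        if attr["AttributeName"] == "restore":
            return list(attr.get("AttributeValues", []))
    return []


def is_public(client, snapshot_id):
    return PUBLIC_MARKER in restore_accounts(client, snapshot_id)


def find_public_manual_snapshots(client):
    """List manual cluster snapshots whose 'restore' attribute includes 'all' (follows Marker paging)."""
    public, kwargs = [], {"SnapshotType": "manual"}
    while True:
        page = client.describe_db_cluster_snapshots(**kwargs)
        for snap in page.get("DBClusterSnapshots", []):
            sid = snap["DBClusterSnapshotIdentifier"]
            if is_public(client, sid):
                public.append(sid)
        if not page.get("Marker"):
            return public
        kwargs["Marker"] = page["Marker"]


def make_private(client, snapshot_id):
    """Remove only 'all'; shares with named accounts stay as they were. Returns True on success."""
    client.modify_db_cluster_snapshot_attribute(
        DBClusterSnapshotIdentifier=snapshot_id, AttributeName="restore",
        ValuesToRemove=[PUBLIC_MARKER])
    return not is_public(client, snapshot_id)


class FakeNeptune:
    """Constructed stand-in for boto3.client('neptune'): two manual snapshots, one public."""
    def __init__(self):
        self.shares = {"cluster-a-snap": ["all", "111122223333"],  # public + one account
                       "cluster-b-snap": ["111122223333"]}         # one account only

    def describe_db_cluster_snapshots(self, SnapshotType, Marker=None):
        return {"DBClusterSnapshots": [{"DBClusterSnapshotIdentifier": s} for s in self.shares]}

    def describe_db_cluster_snapshot_attributes(self, DBClusterSnapshotIdentifier):
        return {"DBClusterSnapshotAttributesResult": {"DBClusterSnapshotAttributes": [
            {"AttributeName": "restore", "AttributeValues": list(self.shares[DBClusterSnapshotIdentifier])}]}}

    def modify_db_cluster_snapshot_attribute(self, DBClusterSnapshotIdentifier, AttributeName,
                                             ValuesToRemove=(), ValuesToAdd=()):
        vals = self.shares[DBClusterSnapshotIdentifier]
        self.shares[DBClusterSnapshotIdentifier] = [v for v in vals if v not in ValuesToRemove] + list(ValuesToAdd)
        return {}
```

Running find_public_manual_snapshots against a real client and then make_private on each hit mirrors the console steps above; the verification step is the second is_public call inside make_private.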
Compliance
NIST 800-53, PCI DSS v4.0.1, PCI DSS v1.4.4