Ensure that the data available on your Amazon Neptune database instances is encrypted in order to meet regulatory requirements and prevent unauthorized users from accessing sensitive information. Encryption provides an additional layer of protection by securing your Neptune databases from unauthorized access to the underlying storage. Neptune is a fast, scalable, highly secure and fully-managed graph database service that makes it easy to build and run applications that work with deeply connected datasets.
This rule can help you with the following compliance standards:
- PCI
- HIPAA
- GDPR
- APRA
- MAS
- NIST4
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
When your cloud applications are working with sensitive or private data, it is strongly recommended to implement encryption in order to protect this data from unapproved access and fulfill any compliance requirements strictly defined within your organization for data-at-rest encryption.
Audit
To determine if your Amazon Neptune database instances are using encryption at rest, perform the following actions:
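One way to run this check over the JSON returned by the `describe-db-instances` command listed in the references, as an added example that is not part of the original rule's own procedure. The sample output and its identifiers are constructed, and the function names are hypothetical; the field names (`Engine`, `StorageEncrypted`, `KmsKeyId`) are those of the AWS API response.

```python
import json

# Constructed sample shaped like the JSON printed by
# `aws neptune describe-db-instances --output json`. All identifiers are made up.
SAMPLE_OUTPUT = """
{
  "DBInstances": [
    {"DBInstanceIdentifier": "graph-prod-1", "Engine": "neptune",
     "DBClusterIdentifier": "graph-prod", "StorageEncrypted": true,
     "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
    {"DBInstanceIdentifier": "graph-dev-1", "Engine": "neptune",
     "DBClusterIdentifier": "graph-dev", "StorageEncrypted": false},
    {"DBInstanceIdentifier": "graph-test-1", "Engine": "neptune",
     "DBClusterIdentifier": "graph-test"},
    {"DBInstanceIdentifier": "orders-db", "Engine": "mysql",
     "StorageEncrypted": false}
  ]
}
"""


def audit_neptune_encryption(describe_output):
    """Return one finding per Neptune instance in a describe-db-instances response."""
    findings = []
    for inst in json.loads(describe_output).get("DBInstances", []):
        # The response can include instances of other engines that share the
        # same management API, so keep only Neptune ones.
        if inst.get("Engine") != "neptune":
            continue
        findings.append({
            "instance": inst.get("DBInstanceIdentifier"),
            "cluster": inst.get("DBClusterIdentifier"),
            # Fail closed: a missing attribute is reported as unencrypted.
            "encrypted": inst.get("StorageEncrypted") is True,
            "kms_key": inst.get("KmsKeyId"),
        })
    return findings


def unencrypted_instances(findings):
    """Identifiers of the instances that need the remediation steps."""
    return [f["instance"] for f in findings if not f["encrypted"]]


if __name__ == "__main__":
    results = audit_neptune_encryption(SAMPLE_OUTPUT)
    for f in results:
        status = "OK  " if f["encrypted"] else "FAIL"
        print(f"{status} {f['instance']} (cluster {f['cluster']}) key={f['kms_key']}")
    print("Unencrypted:", unencrypted_instances(results))
```

For encrypted instances the `kms_key` value shows which KMS key protects the storage, which is worth recording alongside the pass/fail result.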
Remediation / Resolution
To enable data encryption for an existing Amazon Neptune database instance, you must re-create that instance with the necessary encryption configuration. In order to do that, take an instance snapshot, enable data-at-rest encryption, then restore the snapshot by performing the following:
Note: Enabling data-at-rest encryption for existing Amazon Neptune database instances using the AWS Command Line Interface (CLI) is not currently supported.
References
- AWS Documentation
  - Amazon Neptune FAQs
  - What Is Amazon Neptune?
  - Working with Amazon Neptune DB Clusters
  - Encrypting Neptune Resources
- AWS Command Line Interface (CLI) Documentation
  - neptune
  - describe-db-instances