Ensure that the IAM Database Authentication feature is enabled for your Amazon Neptune database clusters so that AWS Identity and Access Management (IAM) can be used to manage database access. With this feature enabled, you do not need a password to connect to your Neptune clusters; instead, all requests to your database clusters are automatically signed with an access key, which consists of an access key ID and a secret access key.
This rule can help you with the following compliance standards:
- APRA
- MAS
- NIST4
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
IAM Database Authentication for AWS Neptune database clusters removes the need to store user credentials within the database configuration, because authentication is managed externally using AWS IAM. Enabling the IAM Database Authentication feature provides multiple benefits:
- In-transit encryption: the network traffic to and from the database clusters is encrypted using SSL.
- Centralized management: AWS IAM is used to centrally manage access to your Neptune resources, instead of managing access individually for each database cluster.
- Enhanced security: all authentication requests are automatically signed with a secure access key instead of using a password.
Audit
To determine if your AWS Neptune database clusters are using IAM Database Authentication, perform the following actions:
Remediation / Resolution
To enable IAM Database Authentication for your existing Amazon Neptune clusters in order to manage your Neptune database user credentials through AWS Identity and Access Management service, perform the following actions:
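The following Python script is an added example, not part of the Conformity rule page or tooling, that covers both the Audit and the Remediation steps above. It evaluates the JSON returned by `aws neptune describe-db-clusters` (here a constructed sample embedded inline, so it runs offline) against the `IAMDatabaseAuthenticationEnabled` flag, and for each non-compliant cluster builds the `aws neptune modify-db-cluster --enable-iam-database-authentication` command from the References. The cluster identifiers and the region are constructed sample values, and the filter on `Engine` is a defensive assumption so that non-Neptune clusters returned by the shared RDS control plane are ignored.

```python
import json
import shlex

# Constructed sample shaped like `aws neptune describe-db-clusters --output json`;
# only the fields this check reads are included. Cluster names are made up.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "DBClusters": [
        {"DBClusterIdentifier": "graph-prod", "Engine": "neptune",
         "IAMDatabaseAuthenticationEnabled": True},
        {"DBClusterIdentifier": "graph-staging", "Engine": "neptune",
         "IAMDatabaseAuthenticationEnabled": False},
        # Flag missing entirely: treat as not enabled (fail closed).
        {"DBClusterIdentifier": "legacy-graph", "Engine": "neptune"},
        # Non-Neptune engine: out of scope for this rule.
        {"DBClusterIdentifier": "orders-db", "Engine": "aurora-postgresql",
         "IAMDatabaseAuthenticationEnabled": False},
    ]
})


def find_noncompliant_clusters(describe_output: str) -> list[str]:
    """Audit step: return identifiers of Neptune clusters whose
    IAMDatabaseAuthenticationEnabled flag is false or absent."""
    data = json.loads(describe_output)
    noncompliant = []
    for cluster in data.get("DBClusters", []):
        # Assumption: skip clusters of other engines that the shared
        # describe-db-clusters API may list alongside Neptune clusters.
        if cluster.get("Engine") != "neptune":
            continue
        if not cluster.get("IAMDatabaseAuthenticationEnabled", False):
            noncompliant.append(cluster["DBClusterIdentifier"])
    return noncompliant


def remediation_command(cluster_id: str, region: str) -> str:
    """Remediation step: the CLI call that turns IAM DB auth on for one cluster.
    --apply-immediately makes the change take effect now rather than in the
    next maintenance window; arguments are shell-quoted before being emitted."""
    return (
        "aws neptune modify-db-cluster"
        f" --region {shlex.quote(region)}"
        f" --db-cluster-identifier {shlex.quote(cluster_id)}"
        " --enable-iam-database-authentication --apply-immediately"
    )


def remediation_plan(describe_output: str, region: str) -> dict[str, str]:
    """Map each non-compliant cluster to the command that remediates it."""
    return {cid: remediation_command(cid, region)
            for cid in find_noncompliant_clusters(describe_output)}


if __name__ == "__main__":
    # Sample region is a constructed value; in practice pass the region
    # you ran describe-db-clusters against.
    for cid, cmd in remediation_plan(SAMPLE_DESCRIBE_OUTPUT, "us-east-1").items():
        print(f"{cid}: NOT COMPLIANT\n  {cmd}")
```

Run it once per region you audit, feeding in the real `describe-db-clusters` output; review the emitted commands before executing them, since after the change every client must sign its requests with IAM credentials rather than connect unauthenticated.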
References
- AWS Documentation
- Amazon Neptune FAQs
- What Is Amazon Neptune?
- Working with Amazon Neptune DB Clusters
- IAM Database Authentication for Neptune
- Modifying an Amazon Neptune DB Cluster
- AWS Command Line Interface (CLI) Documentation
- neptune
- describe-db-clusters
- modify-db-cluster