Ensure that the IAM Database Authentication feature is enabled for your Amazon Neptune database clusters in order to use AWS Identity and Access Management (IAM) to manage database access. With this feature enabled, you don't have to use a password when you connect to your Neptune clusters; instead, all requests to your database clusters are automatically signed with an access key, which consists of an access key ID and a secret access key.
This rule can help you with the following compliance standards:
- NIST 800-53 (Rev. 4)
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
IAM Database Authentication for AWS Neptune database clusters removes the need to store user credentials within the database configuration, because authentication is managed externally using AWS IAM. Enabling the IAM Database Authentication feature provides multiple benefits:
- in-transit encryption - the network traffic to and from database clusters is encrypted using SSL;
- centralized management - AWS IAM is used to centrally manage access to your Neptune resources, instead of managing access individually for each database cluster;
- enhanced security - all authentication requests are automatically signed with a secure access key instead of using a password.
To determine if your AWS Neptune database clusters are using IAM Database Authentication, perform the following actions:
Remediation / Resolution
To enable IAM Database Authentication for your existing Amazon Neptune clusters in order to manage your Neptune database user credentials through AWS Identity and Access Management service, perform the following actions:
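As an added example (not the Conformity tool's own code or its remediation steps), the following Python script uses boto3 to report Neptune clusters whose IAMDatabaseAuthenticationEnabled flag is not set and, on request, turns the feature on with ModifyDBCluster. The cluster names and the sample DescribeDBClusters response are constructed, and the region and AWS credentials are assumed to be supplied by the caller.

```python
"""Audit Neptune clusters for IAM Database Authentication; optionally remediate."""
from typing import Dict, List


def clusters_without_iam_auth(describe_response: Dict) -> List[str]:
    """Return identifiers of Neptune clusters whose IAM auth flag is not True.

    `describe_response` has the shape of Neptune's DescribeDBClusters output;
    a missing IAMDatabaseAuthenticationEnabled key is treated as disabled (fail closed).
    """
    non_compliant = []
    for cluster in describe_response.get("DBClusters", []):
        if cluster.get("Engine") != "neptune":
            continue  # the same API can list Aurora clusters; judge only Neptune ones
        if cluster.get("IAMDatabaseAuthenticationEnabled") is not True:
            non_compliant.append(cluster["DBClusterIdentifier"])
    return non_compliant


def audit_region(region: str, remediate: bool = False) -> List[str]:
    """List non-compliant Neptune clusters in `region`, enabling IAM auth if asked.
    Needs credentials allowing neptune:DescribeDBClusters (plus ModifyDBCluster
    when remediating). boto3 is imported here so the offline check above needs no SDK.
    """
    import boto3  # assumption: boto3 is installed where the audit runs
    client = boto3.client("neptune", region_name=region)
    findings: List[str] = []
    kwargs: Dict = {}
    while True:  # DescribeDBClusters pages with a Marker token
        page = client.describe_db_clusters(**kwargs)
        findings.extend(clusters_without_iam_auth(page))
        if "Marker" not in page:
            break
        kwargs = {"Marker": page["Marker"]}
    for cluster_id in (findings if remediate else []):
        # After this applies, unsigned requests are rejected: make sure clients
        # already sign requests (SigV4) before enabling it on a production cluster.
        client.modify_db_cluster(DBClusterIdentifier=cluster_id,
                                 EnableIAMDatabaseAuthentication=True,
                                 ApplyImmediately=True)
    return findings


# Constructed sample response (not real account data) for an offline check.
SAMPLE_RESPONSE = {"DBClusters": [
    {"DBClusterIdentifier": "graph-prod", "Engine": "neptune",
     "IAMDatabaseAuthenticationEnabled": True},
    {"DBClusterIdentifier": "graph-dev", "Engine": "neptune",
     "IAMDatabaseAuthenticationEnabled": False},
    {"DBClusterIdentifier": "orders-aurora", "Engine": "aurora-mysql",
     "IAMDatabaseAuthenticationEnabled": False},
]}
```

Running `clusters_without_iam_auth(SAMPLE_RESPONSE)` offline reports only `graph-dev`; `audit_region("us-east-1", remediate=True)` would do the same against a live account and then enable the feature on each finding.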
IAM Database Authentication for Neptune
Risk level: Medium