Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var CheckEnableLogExport = rules.Register( rules.Rule{ AVDID: "AVD-AWS-0075", Provider: providers.AWSProvider, Service: "neptune", ShortCode: "enable-log-export", Summary: "Neptune logs export should be enabled", Impact: "Limited visibility of audit trail for changes to Neptune", Resolution: "Enable export logs", Explanation: `Neptune does not have auditing by default. To ensure that you are able to accurately audit the usage of your Neptune instance you should enable export logs.`, Links: []string{ "https://docs.aws.amazon.com/neptune/latest/userguide/auditing.html", }, Terraform: &rules.EngineMetadata{ GoodExamples: terraformEnableLogExportGoodExamples, BadExamples: terraformEnableLogExportBadExamples, Links: terraformEnableLogExportLinks, RemediationMarkdown: terraformEnableLogExportRemediationMarkdown, }, CloudFormation: &rules.EngineMetadata{ GoodExamples: cloudFormationEnableLogExportGoodExamples, BadExamples: cloudFormationEnableLogExportBadExamples, Links: cloudFormationEnableLogExportLinks, RemediationMarkdown: cloudFormationEnableLogExportRemediationMarkdown, }, Severity: severity.Medium, }, func(s *state.State) (results rules.Results) { for _, cluster := range s.AWS.Neptune.Clusters { if cluster.Logging.Audit.IsFalse() { results.Add( "Cluster does not have audit logging enabled.", cluster.Logging.Audit, ) } else { results.AddPassed(&cluster) } } return }, )
View Source
var CheckEnableStorageEncryption = rules.Register( rules.Rule{ AVDID: "AVD-AWS-0076", Provider: providers.AWSProvider, Service: "neptune", ShortCode: "enable-storage-encryption", Summary: "Neptune storage must be encrypted at rest", Impact: "Unencrypted sensitive data is vulnerable to compromise.", Resolution: "Enable encryption of Neptune storage", Explanation: `Encryption of Neptune storage ensures that if their is compromise of the disks, the data is still protected.`, Links: []string{ "https://docs.aws.amazon.com/neptune/latest/userguide/encrypt.html", }, Terraform: &rules.EngineMetadata{ GoodExamples: terraformEnableStorageEncryptionGoodExamples, BadExamples: terraformEnableStorageEncryptionBadExamples, Links: terraformEnableStorageEncryptionLinks, RemediationMarkdown: terraformEnableStorageEncryptionRemediationMarkdown, }, CloudFormation: &rules.EngineMetadata{ GoodExamples: cloudFormationEnableStorageEncryptionGoodExamples, BadExamples: cloudFormationEnableStorageEncryptionBadExamples, Links: cloudFormationEnableStorageEncryptionLinks, RemediationMarkdown: cloudFormationEnableStorageEncryptionRemediationMarkdown, }, Severity: severity.High, }, func(s *state.State) (results rules.Results) { for _, cluster := range s.AWS.Neptune.Clusters { if cluster.StorageEncrypted.IsFalse() { results.Add( "Cluster does not have storage encryption enabled.", cluster.StorageEncrypted, ) } else { results.AddPassed(&cluster) } } return }, )
View Source
var CheckEncryptionCustomerKey = rules.Register( rules.Rule{ AVDID: "AVD-AWS-0128", Provider: providers.AWSProvider, Service: "neptune", ShortCode: "encryption-customer-key", Summary: "Neptune encryption should use Customer Managed Keys", Impact: "Using AWS managed keys does not allow for fine grained control", Resolution: "Enable encryption using customer managed keys", Explanation: `Encryption using AWS keys provides protection for your Neptune underlying storage. To increase control of the encryption and manage factors like rotation use customer managed keys.`, Links: []string{ "https://docs.aws.amazon.com/neptune/latest/userguide/encrypt.html", }, Terraform: &rules.EngineMetadata{ GoodExamples: terraformCheckEncryptionCustomerKeyGoodExamples, BadExamples: terraformCheckEncryptionCustomerKeyBadExamples, Links: terraformCheckEncryptionCustomerKeyLinks, RemediationMarkdown: terraformCheckEncryptionCustomerKeyRemediationMarkdown, }, CloudFormation: &rules.EngineMetadata{ GoodExamples: cloudFormationCheckEncryptionCustomerKeyGoodExamples, BadExamples: cloudFormationCheckEncryptionCustomerKeyBadExamples, Links: cloudFormationCheckEncryptionCustomerKeyLinks, RemediationMarkdown: cloudFormationCheckEncryptionCustomerKeyRemediationMarkdown, }, Severity: severity.High, }, func(s *state.State) (results rules.Results) { for _, cluster := range s.AWS.Neptune.Clusters { if cluster.KMSKeyID.IsEmpty() { results.Add( "Cluster does not encrypt data with a customer managed key.", cluster.KMSKeyID, ) } else { results.AddPassed(&cluster) } } return }, )
Functions ¶
This section is empty.
Types ¶
This section is empty.
Click to show internal directories.
Click to hide internal directories.