Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
// CheckEnableLogExport registers rule AVD-AWS-0075 (enable-log-export) for the
// AWS "neptune" service at Medium severity.
//
// The check walks every Neptune cluster in the scanned state and reports a
// failure when the cluster's audit logging flag is explicitly false. Every
// other cluster is recorded as passed.
var CheckEnableLogExport = rules.Register(
	rules.Rule{
		AVDID:       "AVD-AWS-0075",
		Provider:    provider.AWSProvider,
		Service:     "neptune",
		ShortCode:   "enable-log-export",
		Summary:     "Neptune logs export should be enabled",
		Impact:      "Limited visibility of audit trail for changes to Neptune",
		Resolution:  "Enable export logs",
		Explanation: `Neptune does not have auditing by default. To ensure that you are able to accurately audit the usage of your Neptune instance you should enable export logs.`,
		Links: []string{
			"https://docs.aws.amazon.com/neptune/latest/userguide/auditing.html",
		},
		Terraform: &rules.EngineMetadata{
			GoodExamples:        terraformEnableLogExportGoodExamples,
			BadExamples:         terraformEnableLogExportBadExamples,
			Links:               terraformEnableLogExportLinks,
			RemediationMarkdown: terraformEnableLogExportRemediationMarkdown,
		},
		CloudFormation: &rules.EngineMetadata{
			GoodExamples:        cloudFormationEnableLogExportGoodExamples,
			BadExamples:         cloudFormationEnableLogExportBadExamples,
			Links:               cloudFormationEnableLogExportLinks,
			RemediationMarkdown: cloudFormationEnableLogExportRemediationMarkdown,
		},
		Severity: severity.Medium,
	},
	func(s *state.State) (results rules.Results) {
		// NOTE(review): &c is the address of the range variable. Before Go 1.22
		// that variable is shared by all iterations, so this is only safe if
		// Add/AddPassed read the cluster before the next iteration. Confirm
		// against the rules package.
		for _, c := range s.AWS.Neptune.Clusters {
			switch {
			case c.Logging.Audit.IsFalse():
				// The audit flag is attached so the finding points at the
				// attribute that needs changing.
				results.Add(
					"Cluster does not have audit logging enabled.",
					&c,
					c.Logging.Audit,
				)
			default:
				// NOTE(review): anything that is not an explicit false lands
				// here. How IsFalse treats an unresolved value is not visible
				// in this file. Verify such clusters should count as passing.
				results.AddPassed(&c)
			}
		}
		return results
	},
)
// CheckEnableStorageEncryption registers rule AVD-AWS-0076
// (enable-storage-encryption) for the AWS "neptune" service at High severity.
//
// Each Neptune cluster in the scanned state is evaluated in two steps:
//  1. storage encryption explicitly false -> failure;
//  2. otherwise, an empty KMS key ID -> failure (no customer managed key).
//
// Only clusters that clear both steps are recorded as passed. The second
// step means a cluster with encryption enabled but no key ID still fails
// under this same rule ID and severity. The result message is what tells
// the two findings apart.
//
// NOTE(review): "their" in the Explanation text looks like a typo for
// "there". It is left unchanged because the string is emitted at runtime.
var CheckEnableStorageEncryption = rules.Register(
	rules.Rule{
		AVDID:       "AVD-AWS-0076",
		Provider:    provider.AWSProvider,
		Service:     "neptune",
		ShortCode:   "enable-storage-encryption",
		Summary:     "Neptune storage must be encrypted at rest",
		Impact:      "Unencrypted sensitive data is vulnerable to compromise.",
		Resolution:  "Enable encryption of Neptune storage",
		Explanation: `Encryption of Neptune storage ensures that if their is compromise of the disks, the data is still protected.`,
		Links: []string{
			"https://docs.aws.amazon.com/neptune/latest/userguide/encrypt.html",
		},
		Terraform: &rules.EngineMetadata{
			GoodExamples:        terraformEnableStorageEncryptionGoodExamples,
			BadExamples:         terraformEnableStorageEncryptionBadExamples,
			Links:               terraformEnableStorageEncryptionLinks,
			RemediationMarkdown: terraformEnableStorageEncryptionRemediationMarkdown,
		},
		CloudFormation: &rules.EngineMetadata{
			GoodExamples:        cloudFormationEnableStorageEncryptionGoodExamples,
			BadExamples:         cloudFormationEnableStorageEncryptionBadExamples,
			Links:               cloudFormationEnableStorageEncryptionLinks,
			RemediationMarkdown: cloudFormationEnableStorageEncryptionRemediationMarkdown,
		},
		Severity: severity.High,
	},
	func(s *state.State) (results rules.Results) {
		// NOTE(review): &c is the address of the range variable. Before Go 1.22
		// that variable is shared by all iterations, so this is only safe if
		// Add/AddPassed read the cluster before the next iteration. Confirm
		// against the rules package.
		for _, c := range s.AWS.Neptune.Clusters {
			switch {
			case c.StorageEncrypted.IsFalse():
				// Checked first so an unencrypted cluster yields one finding,
				// not an additional one about the missing key.
				results.Add(
					"Cluster does not have storage encryption enabled.",
					&c,
					c.StorageEncrypted,
				)
			case c.KMSKeyID.IsEmpty():
				// NOTE(review): whether a key ID that could not be resolved
				// at scan time counts as empty is not visible in this file.
				// Verify before treating this finding as definitive.
				results.Add(
					"Cluster does not encrypt data with a customer managed key.",
					&c,
					c.KMSKeyID,
				)
			default:
				results.AddPassed(&c)
			}
		}
		return results
	},
)
Functions ¶
This section is empty.
Types ¶
This section is empty.