Ensure that the data available on your Amazon Neptune database instances is encrypted in order to meet regulatory requirements and prevent unauthorized users from accessing sensitive information. Encryption provides an additional layer of protection by securing your Neptune databases from unauthorized access to the underlying storage. Neptune is a fast, scalable, highly secure and fully managed graph database service that makes it easy to build and run applications that work with deeply connected datasets.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
When your cloud applications are working with sensitive or private data, it is strongly recommended to implement encryption in order to protect this data from unapproved access and fulfill any compliance requirements strictly defined within your organization for data-at-rest encryption.
To determine if your Amazon Neptune database instances are using encryption at rest, perform the following actions:
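One way to script this check, as an added example that is not part of the Cloud Conformity rule: the function below reads a `DescribeDBInstances` response and reports every Neptune instance whose `StorageEncrypted` flag is not set. The sample response, instance names, account ID and key ARN are constructed; `audit_region` assumes boto3 and AWS credentials are available.

```python
"""Audit helper: flag Amazon Neptune instances without encryption at rest."""

# Constructed sample shaped like a DescribeDBInstances response
# (instance names, account id and key ARN are made up).
SAMPLE_RESPONSE = {
    "DBInstances": [
        {"DBInstanceIdentifier": "graph-prod-1", "Engine": "neptune",
         "DBClusterIdentifier": "graph-prod", "StorageEncrypted": True,
         "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
        {"DBInstanceIdentifier": "graph-dev-1", "Engine": "neptune",
         "DBClusterIdentifier": "graph-dev", "StorageEncrypted": False},
        # The response can include instances of other engines in the same
        # account, so anything that is not Neptune is skipped.
        {"DBInstanceIdentifier": "orders-db", "Engine": "mysql",
         "StorageEncrypted": False},
    ]
}


def unencrypted_neptune_instances(response):
    """Return findings for Neptune instances whose storage is not encrypted."""
    findings = []
    for inst in response.get("DBInstances", []):
        if inst.get("Engine") != "neptune":
            continue
        # A missing StorageEncrypted field is treated as unencrypted (fail closed).
        if not inst.get("StorageEncrypted", False):
            findings.append({
                "instance": inst["DBInstanceIdentifier"],
                "cluster": inst.get("DBClusterIdentifier"),
            })
    return findings


def audit_region(region_name):
    """Run the check against a live account (needs boto3 and credentials)."""
    import boto3  # imported here so the offline sample works without it
    client = boto3.client("neptune", region_name=region_name)
    findings = []
    for page in client.get_paginator("describe_db_instances").paginate():
        findings.extend(unencrypted_neptune_instances(page))
    return findings


if __name__ == "__main__":
    for f in unencrypted_neptune_instances(SAMPLE_RESPONSE):
        print(f"NOT ENCRYPTED: {f['instance']} (cluster {f['cluster']})")
```

Run `audit_region` once per region in use, since the API call is regional.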
To enable data encryption for an existing Amazon Neptune database instance, you must re-create that instance with the necessary encryption configuration. In order to do that, take an instance snapshot, enable data-at-rest encryption, then restore the snapshot by performing the following:
Note: Enabling data-at-rest encryption for existing Amazon Neptune database instances using the AWS Command Line Interface (CLI) is not currently supported.