Neptune DB cluster has deletion protection enabled.
Risk
Absence of deletion protection weakens availability and integrity: clusters can be removed by accidental admin actions, rogue automation, or compromised credentials.
Cluster deletion causes immediate service outage, potential permanent data loss, and extended recovery time if backups or restores are insufficient.
prowler aws --checks neptune_cluster_deletion_protection
Recommendation
Enable deletion protection for production Neptune clusters and apply the principles of least privilege and separation of duties for delete operations.
Enforce change-control approvals, restrict delete permissions to audited roles, and limit automated workflows that can perform destructive actions to prevent accidental or malicious deletions.
Remediation
aws neptune modify-db-cluster --db-cluster-identifier <DB_CLUSTER_IDENTIFIER> --deletion-protection --apply-immediately
- Sign in to the AWS Management Console and open Amazon Neptune
- In the navigation pane, choose Databases
- Select the DB cluster and choose Modify
- Enable Deletion protection
- Choose Apply immediately (if shown) and then Modify DB cluster
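The following Python/boto3 script is an added example, not Prowler's own check code: it applies the same evaluation the check performs to DescribeDBClusters records (a missing DeletionProtection field counts as unprotected) and wraps the remediation command above. The sample cluster records, region name and account id in the ARNs are constructed; the live calls only run when the script is executed directly.

```python
"""Audit Neptune clusters for deletion protection and optionally remediate."""
from dataclasses import dataclass

# Constructed sample records in the shape of a neptune DescribeDBClusters page.
SAMPLE_CLUSTERS = [
    {"DBClusterIdentifier": "graph-prod", "Engine": "neptune", "DeletionProtection": True,
     "DBClusterArn": "arn:aws:rds:us-east-1:123456789012:cluster:graph-prod"},
    {"DBClusterIdentifier": "graph-dev", "Engine": "neptune", "DeletionProtection": False,
     "DBClusterArn": "arn:aws:rds:us-east-1:123456789012:cluster:graph-dev"},
    {"DBClusterIdentifier": "graph-legacy", "Engine": "neptune",  # field absent: unprotected
     "DBClusterArn": "arn:aws:rds:us-east-1:123456789012:cluster:graph-legacy"},
    {"DBClusterIdentifier": "orders-aurora", "Engine": "aurora-mysql", "DeletionProtection": False,
     "DBClusterArn": "arn:aws:rds:us-east-1:123456789012:cluster:orders-aurora"},
]


@dataclass(frozen=True)
class Finding:
    cluster_id: str
    arn: str
    status: str  # "PASS" or "FAIL"
    status_extended: str


def evaluate_clusters(clusters):
    """Return one PASS/FAIL finding per Neptune cluster; other engines are skipped."""
    findings = []
    for cluster in clusters:
        if cluster.get("Engine") != "neptune":  # the shared API may list other engines
            continue
        cid, arn = cluster["DBClusterIdentifier"], cluster.get("DBClusterArn", "")
        if bool(cluster.get("DeletionProtection", False)):  # absent => not protected
            findings.append(Finding(cid, arn, "PASS", f"Neptune cluster {cid} has deletion protection enabled."))
        else:
            findings.append(Finding(cid, arn, "FAIL", f"Neptune cluster {cid} does not have deletion protection enabled."))
    return findings


def unprotected_ids(clusters):
    return [f.cluster_id for f in evaluate_clusters(clusters) if f.status == "FAIL"]


def fetch_neptune_clusters(region):
    import boto3  # imported here so the evaluation logic stays usable offline
    paginator = boto3.client("neptune", region_name=region).get_paginator("describe_db_clusters")
    return [c for page in paginator.paginate() for c in page["DBClusters"]]


def enable_deletion_protection(region, cluster_id):
    """Equivalent of: aws neptune modify-db-cluster --deletion-protection --apply-immediately"""
    import boto3
    boto3.client("neptune", region_name=region).modify_db_cluster(
        DBClusterIdentifier=cluster_id, DeletionProtection=True, ApplyImmediately=True)


if __name__ == "__main__":
    for finding in evaluate_clusters(SAMPLE_CLUSTERS):  # swap in fetch_neptune_clusters("us-east-1") for a live run
        print(finding.status, finding.arn, finding.status_extended)
```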
Resource Type
Other