Neptune logging is not enabled

Description

Neptune logs can be used to analyse traffic patterns and troubleshoot security and operational issues.
It is recommended that you enable the cluster's optional export of its logs to AWS CloudWatch.

Fix - Runtime

AWS Console

TBA

Fix - Buildtime

Terraform

  • Resource: aws_neptune_cluster
  • Argument: enable_cloudwatch_logs_exports
resource "aws_neptune_cluster" "Pike" {
  cluster_identifier   = var.DBClusterIdentifier

    ...
+ enable_cloudwatch_logs_exports      = ["audit"]
}

CloudFormation

  • Resource: AWS::Neptune::DBCluster
  • Argument: Properties.EnableCloudwatchLogsExports
Type: "AWS::Neptune::DBCluster"
    Properties:
        ...
+       EnableCloudwatchLogsExports: ["audit"]