Ensure audit logging feature is enabled for AWS Redshift clusters

LOW

Description

AWS Redshift clusters have audit logging disabled. Redshift audit logging records connection and authentication attempts (connection log), changes to database users (user log) and, when the cluster parameter group sets enable_user_activity_logging to true, every query executed (user activity log). Without it there is no record of who connected to the cluster or what they ran, so this data can be extremely useful for security and compliance audits or troubleshooting sessions.

Remediation

Amazon Redshift audit logs can be exported either to an S3 bucket or to CloudWatch Logs. Before enabling logging, prepare the destination by following the AWS documentation guide (below): an S3 destination needs a bucket policy that allows the Redshift service principal (redshift.amazonaws.com) to write objects to the bucket and read its ACL, whereas CloudWatch needs no extra permissions. Then continue with the cluster configuration steps.

In AWS Console -

  1. Sign in to the AWS Console and open the Redshift Console.
  2. On the navigation bar select Clusters, then choose the cluster you wish to edit.
  3. Click on the Properties tab.
  4. In Database Configurations, select the Edit drop-down, and then choose Edit audit logging.
  5. Set to Turn on.

In Terraform -

  1. In the aws_redshift_cluster resource, set logging.enable to true. In newer releases of the hashicorp/aws provider the inline logging block is deprecated in favour of the separate aws_redshift_logging resource, which takes the same destination settings.
  2. Configure either S3 or CloudWatch as the destination using the fields documented in the Terraform provider documentation (bucket_name and s3_key_prefix for S3, log_destination_type and log_exports for CloudWatch).
  3. To also capture the user activity log, attach a cluster parameter group in which enable_user_activity_logging is "true"; enabling logging alone produces only the connection and user logs.
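The following Terraform configuration is an added example of the remediation described above, not code from the original page or from the scanner vendor. It creates a log bucket with the policy the Redshift service principal needs, a parameter group that turns on user activity logging, a cluster that uses that parameter group, and an aws_redshift_logging resource pointing the cluster's audit logs at the bucket. It assumes a hashicorp/aws provider version that ships aws_redshift_logging (on older versions the inline logging block on aws_redshift_cluster is used instead); the resource names, bucket name, node type and the master_password variable are hypothetical placeholders.

```hcl
# Added example: Redshift cluster with audit logging to S3.
# Assumes a hashicorp/aws provider that provides aws_redshift_logging.
# All names below are hypothetical placeholders.

variable "master_password" {
  type      = string
  sensitive = true
}

data "aws_caller_identity" "current" {}

# Destination bucket. Redshift delivers logs as the redshift.amazonaws.com
# service principal, so the bucket policy must allow that principal to put
# objects and read the bucket ACL. The aws:SourceAccount condition keeps
# clusters in other accounts from writing into this bucket.
resource "aws_s3_bucket" "audit" {
  bucket = "example-redshift-audit-logs" # hypothetical; must be globally unique
}

resource "aws_s3_bucket_policy" "audit" {
  bucket = aws_s3_bucket.audit.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid       = "RedshiftAuditPutObject"
        Effect    = "Allow"
        Principal = { Service = "redshift.amazonaws.com" }
        Action    = "s3:PutObject"
        Resource  = "${aws_s3_bucket.audit.arn}/*"
        Condition = {
          StringEquals = { "aws:SourceAccount" = data.aws_caller_identity.current.account_id }
        }
      },
      {
        Sid       = "RedshiftAuditGetBucketAcl"
        Effect    = "Allow"
        Principal = { Service = "redshift.amazonaws.com" }
        Action    = "s3:GetBucketAcl"
        Resource  = aws_s3_bucket.audit.arn
        Condition = {
          StringEquals = { "aws:SourceAccount" = data.aws_caller_identity.current.account_id }
        }
      }
    ]
  })
}

# The user activity log (one line per executed query) is only produced when
# the parameter group sets enable_user_activity_logging=true. Enabling audit
# logging on its own yields only the connection log and the user log.
resource "aws_redshift_parameter_group" "audit" {
  name   = "example-audit-logging"
  family = "redshift-1.0"

  parameter {
    name  = "enable_user_activity_logging"
    value = "true"
  }
}

resource "aws_redshift_cluster" "example" {
  cluster_identifier           = "example-cluster"
  node_type                    = "dc2.large"
  number_of_nodes              = 1
  database_name                = "analytics"
  master_username              = "adminuser"
  master_password              = var.master_password
  cluster_parameter_group_name = aws_redshift_parameter_group.audit.name
  encrypted                    = true
  publicly_accessible          = false
  skip_final_snapshot          = true # demo only; keep a final snapshot in production
}

# Audit logging itself. For a CloudWatch destination replace the bucket
# settings with log_destination_type = "cloudwatch" and
# log_exports = ["connectionlog", "userlog", "useractivitylog"].
resource "aws_redshift_logging" "example" {
  cluster_identifier   = aws_redshift_cluster.example.id
  log_destination_type = "s3"
  bucket_name          = aws_s3_bucket.audit.bucket
  s3_key_prefix        = "redshift/"

  # The bucket policy must exist before Redshift validates the destination.
  depends_on = [aws_s3_bucket_policy.audit]
}
```

After apply, confirm the setting took effect with `aws redshift describe-logging-status --cluster-identifier example-cluster`; the response should show LoggingEnabled as true together with the bucket name and prefix. If LoggingEnabled is true but no useractivitylog objects appear, check that the cluster has been rebooted onto the new parameter group, since parameter group changes are not applied to a running cluster until it restarts.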

References:
https://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster#logging

Policy Details

Rule Reference ID: AC_AWS_0200
CSP: AWS
Remediation Available: Yes
Resource Category: Database
Resource Type: Redshift

Frameworks