Ensure SSL is enforced for parameter groups associated with AWS Redshift clusters

MEDIUM

Description

Parameter groups associated with AWS Redshift clusters do not have SSL enforced for incoming connections, which may expose sensitive customer data in transit.

Remediation

In AWS Console -

  1. Sign in to the AWS Console and open the Amazon Redshift console.
  2. On the navigation menu, select Clusters.
  3. On the Configuration tab, go to the Cluster Properties section and click the Cluster Parameter Group value link.
  4. Check the value for 'require_ssl' and ensure it is true.

In Terraform -

  1. In the aws_redshift_parameter_group resource, add a parameter block with name set to require_ssl and value set to true.
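
The Terraform step above as a configuration, including the cluster association that makes the parameter group take effect. This is an added example, not code from the policy itself; the resource names, identifiers, node type and the password variable are placeholder assumptions.

```hcl
# Added example: resource names, identifiers and the variable are placeholders.

variable "redshift_master_password" {
  type      = string
  sensitive = true
}

# Custom parameter group. The default group for a family cannot be edited,
# so require_ssl has to be set on a group you manage yourself.
resource "aws_redshift_parameter_group" "ssl_enforced" {
  name   = "example-redshift-ssl-enforced"
  family = "redshift-1.0"

  # Compliant: the cluster rejects client connections that do not use SSL.
  # Omitting this block, or setting value = "false", leaves require_ssl
  # disabled, which is the condition this rule describes.
  parameter {
    name  = "require_ssl"
    value = "true"
  }
}

# The setting only applies to clusters that reference the group.
resource "aws_redshift_cluster" "example" {
  cluster_identifier           = "example-cluster"
  node_type                    = "ra3.xlplus"
  cluster_type                 = "multi-node"
  number_of_nodes              = 2
  database_name                = "exampledb"
  master_username              = "exampleadmin"
  master_password              = var.redshift_master_password
  cluster_parameter_group_name = aws_redshift_parameter_group.ssl_enforced.name
}
```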

References:
https://docs.aws.amazon.com/redshift/latest/dg/r_Users.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_parameter_group

Policy Details

Rule Reference ID: AC_AWS_0423
CSP: AWS
Remediation Available: Yes
Resource Category: Database
Resource Type: Redshift

Frameworks