Detections
Analytics

Ensure encryption is enabled for AWS Redshift clusters

MEDIUM

Description

Redshift clusters can have encryption enabled when the cluster is launched. Encryption is considered best practice and can help protect sensitive data. Encryption is also often required by compliance regulations. For more information, see the AWS Documentation.
References:
https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-db-encryption.html

Remediation

In AWS Console -

  1. Sign in to the AWS Console and open the Redshift Console.
  2. On the navigation bar select Clusters, then choose the cluster you wish to edit.
  3. Select Properties.
  4. Under Database configurations, choose Edit, then Edit encryption.
  5. Configure as needed.

In Terraform -

  1. In the aws_redshift_cluster resource, set the encrypted field to true.

References:
https://docs.aws.amazon.com/redshift/latest/mgmt/changing-cluster-encryption.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster#kms_key_id

Policy Details

Rule Reference ID: AC_AWS_0198
CSP: AWS
Remediation Available: Yes
Domain: Data Protection
Resource: aws_redshift_cluster
Resource Category: Database
Resource Type: Redshift

Frameworks