Encrypt Redshift Clusters at Rest

Verifies that Amazon Redshift clusters are encrypted at rest using KMS to protect sensitive data.

Rule: Redshift clusters should be encrypted at rest
Framework: AWS Foundational Security Best Practices
Severity: Medium

Rule Description

Redshift clusters should be encrypted at rest to comply with AWS Foundational Security Best Practices. Encrypting data at rest provides an added layer of security by ensuring that sensitive information is protected from unauthorized access.

Troubleshooting Steps

If encryption at rest is not enabled for your Redshift clusters, you can follow the steps below to enable it:

  1. Check the current encryption status of your Redshift clusters.
  2. Enable encryption at rest for the Redshift clusters that are not already encrypted.
  3. Verify that encryption at rest is functioning as expected.

Necessary Codes

If encryption at rest is not enabled for your Redshift clusters, you can use the AWS Command Line Interface (CLI) to enable it by modifying the cluster using the modify-cluster command with the --encrypted parameter:

aws redshift modify-cluster --cluster-identifier <cluster-identifier> --encrypted

Step-by-Step Guide for Remediation

  1. Open the AWS CLI or AWS Management Console.

  2. Check the encryption status of your Redshift clusters by running the following command:

      aws redshift describe-clusters --query "Clusters[*].[ClusterIdentifier,Encrypted]"

  3. Identify the Redshift clusters that are not encrypted at rest.

  4. Enable encryption at rest for a specific Redshift cluster by running the following command:

      aws redshift modify-cluster --cluster-identifier <cluster-identifier> --encrypted

  5. Verify that encryption at rest is enabled for the cluster by checking the encryption status again:

      aws redshift describe-clusters --query "Clusters[*].[ClusterIdentifier,Encrypted]"

  6. Repeat the above steps for any other Redshift clusters that are not encrypted at rest.

By following these steps, you can ensure that your Redshift clusters are encrypted at rest to align with AWS Foundational Security Best Practices.
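
Steps 2 through 4 can be scripted over the JSON printed by aws redshift describe-clusters --output json. The Python below is an added example, not code from this page or from AWS; the sample cluster names, the key ARN, and the function names find_unencrypted and remediation_commands are constructed for illustration, and it assumes only clusters in the available state are ready to modify.

```python
import json
import shlex

# Constructed sample in the shape of `aws redshift describe-clusters --output json`.
# Cluster names and the key ARN are made up for this example.
SAMPLE = json.dumps({"Clusters": [
    {"ClusterIdentifier": "analytics-prod", "ClusterStatus": "available",
     "Encrypted": True,
     "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
    {"ClusterIdentifier": "reporting-dev", "ClusterStatus": "available",
     "Encrypted": False},
    {"ClusterIdentifier": "etl-staging", "ClusterStatus": "modifying",
     "Encrypted": False},
    {"ClusterIdentifier": "legacy-import", "ClusterStatus": "available"},
]})


def find_unencrypted(describe_clusters_json):
    """Return (identifier, status) for every cluster not encrypted at rest.

    A missing or non-true Encrypted field counts as unencrypted (fail closed).
    """
    clusters = json.loads(describe_clusters_json).get("Clusters", [])
    return [(c["ClusterIdentifier"], c.get("ClusterStatus", "unknown"))
            for c in clusters if c.get("Encrypted") is not True]


def remediation_commands(findings):
    """Build the page's modify-cluster command for each finding.

    Assumption: only clusters in the 'available' state are ready to modify,
    so others are returned separately for a later re-check.
    """
    ready, deferred = [], []
    for identifier, status in findings:
        if status == "available":
            ready.append("aws redshift modify-cluster --cluster-identifier "
                         f"{shlex.quote(identifier)} --encrypted")
        else:
            deferred.append(identifier)
    return ready, deferred


if __name__ == "__main__":
    commands, deferred = remediation_commands(find_unencrypted(SAMPLE))
    print("\n".join(commands))
    print("re-check later:", ", ".join(deferred) or "none")
```

The generated commands are printed for review rather than executed, so each change can be approved before it is run.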
