Ensure Redshift Clusters are not Publicly Accessible

Checks if Amazon Redshift clusters are configured to prohibit public access, preventing unauthorized external connections.

Rule	Amazon Redshift clusters should prohibit public access
Framework	AWS Foundational Security Best Practices
Severity	✔ Critical

Description

Amazon Redshift clusters should be configured to prohibit public access in order to adhere to AWS Foundational Security Best Practices. Allowing public access to Redshift clusters can expose sensitive data and resources to unauthorized access and potential security breaches.

Troubleshooting Steps

If public access has been inadvertently enabled for an Amazon Redshift cluster, the following steps can be taken to remediate the issue:

1.
Access the AWS Management Console.

2.
Navigate to the Amazon Redshift service.

3.
Identify the affected Redshift cluster.

4.
Check the cluster's security group settings to determine if public access is allowed.

5.
If public access is enabled, update the security group rules to restrict access to authorized IPs or within a VPC.

6.
Ensure that inbound rules only permit incoming traffic from trusted sources.

7.
Save the changes to apply the new security group settings.

Necessary Codes

If necessary, the following AWS CLI command can be used to update the security group rules for an Amazon Redshift cluster:

aws redshift authorize-cluster-security-group-ingress --cluster-security-group-name <security-group-name> --cidr <CIDR block> --protocol <protocol> --port <port>

Step-by-Step Guide for Remediation

1.
Open a terminal or command prompt.

2.
Run the AWS CLI command to update the cluster's security group rules, ensuring that public access is prohibited.

3.
Replace
```
<security-group-name>
```
with the name of the Redshift cluster's security group.

4.
Specify the
```
<CIDR block>
```
of the authorized IP range that should have access to the cluster.

5.
Specify the
```
<protocol>
```
and
```
<port>
```
that will be allowed for inbound traffic.

6.
Once the command is executed successfully, verify the updated security group rules in the AWS Management Console to ensure public access has been restricted.

Following these steps will help to ensure that public access to the Amazon Redshift cluster is prohibited, aligning with AWS Foundational Security Best Practices.

Ensure Redshift Clusters are not Publicly Accessible

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Description

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Troubleshooting Steps

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Necessary Codes

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Step-by-Step Guide for Remediation

Is your System Free of Underlying Vulnerabilities? Find Out Now

Description

Troubleshooting Steps

Necessary Codes

Step-by-Step Guide for Remediation

Is your System Free of Underlying Vulnerabilities?
Find Out Now