Ensure Redshift Clusters are not Publicly Accessible

Checks if Amazon Redshift clusters are configured to prevent public access, maintaining secure network configuration and protecting sensitive PCI data.

Rule: Amazon Redshift clusters should prohibit public access

Framework: PCI v3.2.1

Severity: Critical

Rule Description:

Amazon Redshift clusters should prevent public access for PCI v3 compliance. Public access to Amazon Redshift clusters can lead to potential security risks and data breaches, which is not compliant with PCI v3 standards.

Troubleshooting Steps:

If public access is detected for an Amazon Redshift cluster, follow the steps below to remediate the issue:

  1. Check the current security configurations of the Amazon Redshift cluster.
  2. Ensure that the cluster is not publicly accessible.
  3. Review the existing network and security settings to identify any misconfigurations.

Necessary Codes:

There is no specific code for this rule, as it involves configuring the network settings and access controls of the Amazon Redshift cluster.

Remediation Steps:

To enforce the rule and prevent public access for PCI v3 compliance, follow the steps below:

  1. Log in to the AWS Management Console.
  2. Navigate to the Amazon Redshift console.
  3. Select the Redshift cluster that needs to be secured.
  4. Click on the "Properties" tab.
  5. Under the "Cluster Permissions" section, ensure that the cluster is not publicly accessible.
  6. Update the network and security settings if needed to restrict access to authorized resources only.
  7. Save the changes and verify that the cluster is no longer publicly accessible.

By following these steps, you can ensure that your Amazon Redshift cluster complies with PCI v3 requirements by preventing public access and safeguarding sensitive data.
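
The check and the fix described above can also be scripted against the AWS CLI. The following is an added example, not code from the original page: it evaluates the `PubliclyAccessible` field in parsed `aws redshift describe-clusters` output and builds the `aws redshift modify-cluster --no-publicly-accessible` command for each failing cluster. The sample data and the function names `audit_clusters` and `remediation_command` are constructed for illustration.

```python
import shlex

# Constructed sample shaped like `aws redshift describe-clusters --output json`
# after json.load(); cluster names, endpoints and group IDs are made up.
SAMPLE_DESCRIBE_CLUSTERS = {
    "Clusters": [
        {"ClusterIdentifier": "cardholder-dw", "PubliclyAccessible": True,
         "Endpoint": {"Address": "cardholder-dw.example.invalid", "Port": 5439},
         "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-00000000000000001"}]},
        {"ClusterIdentifier": "reporting-dw", "PubliclyAccessible": False,
         "Endpoint": {"Address": "reporting-dw.example.invalid", "Port": 5439},
         "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-00000000000000002"}]},
        # Edge case: record without the flag or an endpoint yet.
        {"ClusterIdentifier": "restoring-dw"},
    ]
}


def audit_clusters(describe_output):
    """Return one finding per cluster: FAIL (public), PASS or UNKNOWN."""
    findings = []
    for cluster in describe_output.get("Clusters", []):
        public = cluster.get("PubliclyAccessible")
        # A missing flag is reported for review, never assumed compliant.
        status = {True: "FAIL", False: "PASS"}.get(public, "UNKNOWN")
        findings.append({
            "cluster": cluster.get("ClusterIdentifier", "<unknown>"),
            "status": status,
            "endpoint": (cluster.get("Endpoint") or {}).get("Address"),
            # Listed so the attached network rules can be reviewed as well.
            "security_groups": [g["VpcSecurityGroupId"]
                                for g in cluster.get("VpcSecurityGroups", [])],
        })
    return findings


def remediation_command(cluster_id):
    """AWS CLI command that turns off public accessibility for one cluster."""
    return ("aws redshift modify-cluster --cluster-identifier "
            f"{shlex.quote(cluster_id)} --no-publicly-accessible")


if __name__ == "__main__":
    for f in audit_clusters(SAMPLE_DESCRIBE_CLUSTERS):
        print(f["status"], f["cluster"], f["endpoint"], f["security_groups"])
        if f["status"] == "FAIL":
            print("  fix:", remediation_command(f["cluster"]))
```

Against a real account, feed the function the parsed JSON from `aws redshift describe-clusters` for each region in scope, and rerun the audit after remediation to confirm every cluster reports PASS.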
