AWS Config Rule: Redshift Cluster Public Access Prohibited


Fernando Honig

Last Update 2 个月前

Description: Checks if Amazon Redshift clusters are not publicly accessible. The rule is NON_COMPLIANT if the publiclyAccessible field is true in the cluster configuration item.

Trigger type: Configuration changes

AWS Region: All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Hyderabad), Canada West (Calgary), Europe (Spain) Region

How to Resolve Manually

To resolve this manually, login to your AWS Management Console and navigate to Amazon Redshift.

Go to Clusters on your left menu and then:

  • Select the cluster you’re trying to connect.
  • Choose the Actions tab and choose Change publicly accesible setting.
  • For Allow instances and devices outside the VPC to connect to your database through the cluster endpoint, select No.

How to Resolve with StackZone

StackZone can automatically remediate this for you for all NON_COMPLIANT Redshift Clusters found to be publicly accessible. StackZone will run an SSM Document which will use the ModifyCluster API to disable public access.

Caution though, this will automatically remediate all Redshift Clusters found within your AWS Account found to be NON_COMPLIANT by this AWS Config Rule.

To enable this in your StackZone deployment, head on over to Provisioning / Baseline Services / AWS Config Rules Regional / Amazon Redshift and enable Amazon Redshift Public Access Remediation.

Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here

Was this article helpful?

1 out of 1 liked this article

Still need help? Message Us