AWS Config Rule: Redshift Cluster Public Access Prohibited
REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK
Fernando Honig
Last Update 6 months ago
Description: Checks if Amazon Redshift clusters are not publicly accessible. The rule is NON_COMPLIANT if the publiclyAccessible field is true in the cluster configuration item.
Trigger type: Configuration changes
AWS Region: All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Hyderabad), Canada West (Calgary), Europe (Spain) Region
How to Resolve Manually
To resolve this manually, login to your AWS Management Console and navigate to Amazon Redshift.
Go to Clusters on your left menu and then:
- Select the cluster you’re trying to connect.
- Choose the Actions tab and choose Change publicly accesible setting.
- For Allow instances and devices outside the VPC to connect to your database through the cluster endpoint, select No.
How to Resolve with StackZone
StackZone can automatically remediate this for you for all NON_COMPLIANT Redshift Clusters found to be publicly accessible. StackZone will run an SSM Document which will use the ModifyCluster API to disable public access.
Caution though, this will automatically remediate all Redshift Clusters found within your AWS Account found to be NON_COMPLIANT by this AWS Config Rule.
To enable this in your StackZone deployment, head on over to Provisioning / Baseline Services / AWS Config Rules Regional / Amazon Redshift and enable Amazon Redshift Public Access Remediation.
Want to know more about StackZone and how to make your cloud management simple and secure?
Check our how it works section with easy to follow videos or just create your own StackZone Account here