AWS Config Rule: Redshift Cluster Public Access Prohibited

REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK

Fernando Honig

Last Update 8 months ago

Description: Checks if Amazon Redshift clusters are not publicly accessible. The rule is NON_COMPLIANT if the publiclyAccessible field is true in the cluster configuration item.


Trigger type: Configuration changes


AWS Region: All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Spain), Europe (Zurich) Region


How to Resolve Manually

To resolve this manually, log in to the AWS Management Console and navigate to Amazon Redshift.


Go to Clusters on your left menu and then:

  • Select the cluster that the rule reported as NON_COMPLIANT.
  • Choose Actions and then choose Change publicly accessible setting.
  • For Allow instances and devices outside the VPC to connect to your database through the cluster endpoint, select No.

Note that this removes connectivity for any client that reaches the cluster over the public endpoint. Before you apply the change, confirm that every legitimate consumer of the cluster (BI tools, ETL jobs, operators) connects from inside the VPC or over a private path such as a VPN, Direct Connect or VPC peering; otherwise they will lose access as soon as the setting takes effect.

How to Resolve with StackZone

StackZone can automatically remediate this for you for all NON_COMPLIANT Redshift clusters found to be publicly accessible. StackZone runs an SSM Document that calls the ModifyCluster API with PubliclyAccessible set to false, which is the same change the console steps above make.


Caution: once enabled, this automatically remediates every Redshift cluster in your AWS account that this AWS Config rule marks NON_COMPLIANT, including any cluster that was made public on purpose. Review the current list of non-compliant clusters before turning the remediation on.
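To make the rule logic and the remediation concrete, here is an added example (not StackZone's SSM Document and not AWS code) of what an automation step would do: evaluate a Config configuration item exactly as the rule description states, list every cluster whose PubliclyAccessible flag is set, and call ModifyCluster to clear it. It takes the Redshift client as a parameter so it can run against boto3 in an account or against the in-memory FakeRedshift stand-in below; the cluster names and the exclude/dry_run parameters are assumptions made for the example, and the exclude list and dry run exist precisely to address the caution above about remediating every cluster in the account.

```python
"""Evaluate and remediate publicly accessible Redshift clusters.

Added example for this article; it is not StackZone's SSM Document.
The functions accept any object exposing describe_clusters() and
modify_cluster() with boto3's Redshift signatures, so they work with
boto3.client("redshift") or with the FakeRedshift stand-in defined here.
"""


def evaluate(configuration_item):
    """Apply the rule as described: NON_COMPLIANT iff publiclyAccessible is true.

    Deleted resources are NOT_APPLICABLE, as in a custom Config rule.
    """
    if configuration_item.get("configurationItemStatus") == "ResourceDeleted":
        return "NOT_APPLICABLE"
    config = configuration_item.get("configuration") or {}
    return "NON_COMPLIANT" if config.get("publiclyAccessible") is True else "COMPLIANT"


def public_clusters(redshift):
    """Return the identifiers of all clusters with PubliclyAccessible set.

    Follows the Marker pagination that DescribeClusters uses.
    """
    found = []
    kwargs = {}
    while True:
        page = redshift.describe_clusters(**kwargs)
        for cluster in page.get("Clusters", []):
            if cluster.get("PubliclyAccessible"):
                found.append(cluster["ClusterIdentifier"])
        marker = page.get("Marker")
        if not marker:
            return found
        kwargs = {"Marker": marker}


def remediate(redshift, cluster_ids, exclude=(), dry_run=True):
    """Disable public access with ModifyCluster, skipping excluded clusters.

    Returns the identifiers that were changed (or would be, when dry_run).
    dry_run defaults to True so an operator sees the blast radius first.
    """
    changed = []
    for cluster_id in cluster_ids:
        if cluster_id in exclude:
            continue
        if not dry_run:
            redshift.modify_cluster(ClusterIdentifier=cluster_id, PubliclyAccessible=False)
        changed.append(cluster_id)
    return changed


# Constructed sample inventory for the stand-alone run; names are assumptions.
SAMPLE_CLUSTERS = [
    {"ClusterIdentifier": "analytics-prod", "PubliclyAccessible": True},
    {"ClusterIdentifier": "reporting-internal", "PubliclyAccessible": False},
    {"ClusterIdentifier": "scratch-dev", "PubliclyAccessible": True},
]


class FakeRedshift:
    """In-memory stand-in for the boto3 Redshift client (constructed for this example).

    Pages two clusters at a time so the Marker loop in public_clusters is exercised.
    """

    PAGE_SIZE = 2

    def __init__(self, clusters):
        self.clusters = [dict(c) for c in clusters]
        self.calls = []  # (ClusterIdentifier, PubliclyAccessible) per ModifyCluster call

    def describe_clusters(self, Marker=None):
        start = int(Marker) if Marker else 0
        result = {"Clusters": self.clusters[start:start + self.PAGE_SIZE]}
        if start + self.PAGE_SIZE < len(self.clusters):
            result["Marker"] = str(start + self.PAGE_SIZE)
        return result

    def modify_cluster(self, ClusterIdentifier, PubliclyAccessible):
        self.calls.append((ClusterIdentifier, PubliclyAccessible))
        for cluster in self.clusters:
            if cluster["ClusterIdentifier"] == ClusterIdentifier:
                cluster["PubliclyAccessible"] = PubliclyAccessible
                return {"Cluster": dict(cluster)}
        raise KeyError(ClusterIdentifier)  # the real client raises ClusterNotFoundFault


if __name__ == "__main__":
    try:
        import boto3  # only used when run for real; replaces the fake client
        client = boto3.client("redshift")
    except ImportError:
        client = FakeRedshift(SAMPLE_CLUSTERS)
    public = public_clusters(client)
    print("publicly accessible:", public)
    print("would modify:", remediate(client, public, exclude={"analytics-prod"}))
```

Run as-is, the script works entirely against the fake inventory; with boto3 installed and credentials present it lists and (after flipping dry_run to False) fixes the clusters in the current region, which is the scope the Config rule and the remediation operate in.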


To enable this in your StackZone deployment, head on over to Provisioning / Baseline Services / AWS Config Rules Regional / Amazon Redshift and enable Amazon Redshift Public Access Remediation.


Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here
