AWS Config Rule: Redshift Cluster Require TLS SSL
REDSHIFT_REQUIRE_TLS_SSL
Fernando Honig
Last Update 6 months ago
Description: Checks whether Amazon Redshift clusters require TLS/SSL encryption to connect to SQL clients. The rule is NON_COMPLIANT if any Amazon Redshift cluster has parameter require_SSL not set to true.
Trigger type: Configuration changes
AWS Region: All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Europe (Milan), Canada West (Calgary), Europe (Spain) Region
How to Resolve Manually
To resolve this manually, review the Parameter Group assigned to your Redshift Cluster.
According to the AWS Documentation on default values for Parameter Groups, the require_ssl parameter is by default set to false.
You can modify the parameters using the AWS CLI with the following command:
aws redshift modify-cluster-parameter-group --parameter-group-name your-param-group-name --parameters ParameterName=require_ssl,ParameterValue=true
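To decide which parameter groups need that command, the following added example (not StackZone or AWS code) applies the rule's check to JSON shaped like the output of `aws redshift describe-clusters` and `aws redshift describe-cluster-parameters`. The cluster and group names are constructed, and the PENDING status is an extra check added here, not part of the managed rule. It also separates AWS default parameter groups, which cannot be modified, from custom groups that can.

```python
# Constructed sample data, shaped like the output of
# `aws redshift describe-clusters` and `aws redshift describe-cluster-parameters`.
SAMPLE_CLUSTERS = {"Clusters": [
    {"ClusterIdentifier": "analytics-prod", "ClusterParameterGroups": [
        {"ParameterGroupName": "default.redshift-1.0", "ParameterApplyStatus": "in-sync"}]},
    {"ClusterIdentifier": "reporting", "ClusterParameterGroups": [
        {"ParameterGroupName": "custom-tls", "ParameterApplyStatus": "in-sync"}]},
    {"ClusterIdentifier": "staging", "ClusterParameterGroups": [
        {"ParameterGroupName": "custom-new", "ParameterApplyStatus": "pending-reboot"}]},
    {"ClusterIdentifier": "legacy", "ClusterParameterGroups": [
        {"ParameterGroupName": "custom-old", "ParameterApplyStatus": "in-sync"}]},
]}


def _group(value):  # hypothetical helper that builds one sample parameter listing
    return {"Parameters": [{"ParameterName": "require_ssl", "ParameterValue": value}]}


SAMPLE_PARAMETERS = {"default.redshift-1.0": _group("false"), "custom-tls": _group("true"),
                     "custom-new": _group("true"), "custom-old": _group("false")}


def require_ssl_enabled(group_parameters):
    """Return True only when require_ssl is present and set to true."""
    for param in group_parameters.get("Parameters", []):
        if param.get("ParameterName") == "require_ssl":
            return str(param.get("ParameterValue", "")).strip().lower() == "true"
    return False  # parameter missing: treat as not enforced


def evaluate(clusters, parameters_by_group):
    """Map each cluster identifier to a (status, next step) tuple."""
    results = {}
    for cluster in clusters.get("Clusters", []):
        verdict = ("NON_COMPLIANT", "no parameter group reported")
        for group in cluster.get("ClusterParameterGroups", []):
            name = group["ParameterGroupName"]
            if not require_ssl_enabled(parameters_by_group.get(name, {})):
                step = (f"set require_ssl=true in {name}" if not name.startswith("default.")
                        else "default group is read-only: attach a custom group with require_ssl=true")
                verdict = ("NON_COMPLIANT", step)
            elif group.get("ParameterApplyStatus") != "in-sync":
                verdict = ("PENDING", f"{name} has require_ssl=true but is not applied yet")
            else:
                verdict = ("COMPLIANT", "")
        results[cluster["ClusterIdentifier"]] = verdict
    return results


if __name__ == "__main__":
    for cluster_id, (status, step) in evaluate(SAMPLE_CLUSTERS, SAMPLE_PARAMETERS).items():
        print(f"{cluster_id:15} {status:14} {step}")
```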