Ensure Redshift clusters are encrypted at-rest

Security & Compliance

To meet security and compliance requirements, it is essential to enable encryption for your Amazon Redshift clusters. AWS handles the data encryption and decryption process seamlessly, without requiring any additional action from you or your application. It is recommended to implement encryption for Redshift clusters that store sensitive data. Although encryption is an optional setting in AWS Redshift, it is crucial to enable it to safeguard your data from unauthorized access and fulfill compliance requirements for data-at-rest encryption.


Here are the remediation steps to ensure Redshift clusters are encrypted at-rest:

  1. Login to your AWS Management Console and navigate to the Amazon Redshift console.
  2. Identify the Redshift cluster(s) that need to be encrypted at-rest.
  3. Check if the cluster is already encrypted by looking at the cluster details. If the cluster is already encrypted, no further action is needed.
  4. If the cluster is not encrypted, select the cluster and click on the "Modify" button.
  5. Under the "Security and Access" section, choose "Encrypted" under the "Encryption" option.
  6. Select the appropriate KMS (Key Management Service) encryption key or create a new one if needed.
  7. Click "Modify Cluster" to save the changes.
  8. Redshift will initiate a cluster resize operation to apply the encryption changes. This will result in a temporary downtime for the cluster.
  9. Once the cluster resize operation is complete, verify that the cluster is now encrypted.

By following these steps, you can ensure that your Redshift clusters are encrypted at-rest, which will help protect your data from unauthorized access and meet compliance requirements for data-at-rest encryption.

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.