Description

To minimize security risks, ensure that your Amazon Redshift clusters are not publicly accessible. A Redshift cluster that has a public IP address and is accessible from the internet is more likely to be targeted by malicious activity, such as SQL injection and Distributed Denial of Service (DDoS) attacks, from any machine on the internet. It is therefore recommended that you configure your Redshift clusters to be accessible only within your private network or from trusted IP addresses. Doing so reduces the risk of unauthorized access to your Redshift clusters and helps protect your data from potential security breaches.

Remediation

To ensure that Amazon Redshift clusters are not publicly accessible, you can follow these remediation steps:

  1. Log in to your AWS Management Console and navigate to the Amazon Redshift console.
  2. Identify the Redshift cluster(s) that need to be secured from public access.
  3. Check the "Publicly Accessible" attribute of the Redshift cluster. If it is set to "Yes," the cluster can be accessed publicly. If it is set to "No," the cluster is not publicly accessible.
  4. If the "Publicly Accessible" attribute is set to "Yes," select the cluster and click on the "Modify" button.
  5. Under the "Network and Security" section, set the "Publicly Accessible" attribute to "No."
  6. Optionally, you can also configure the cluster to only allow connections from specific IP addresses or security groups.
  7. Click "Modify Cluster" to save the changes.
  8. Redshift will initiate a cluster resize operation to apply the changes. This will result in temporary downtime for the cluster.
  9. Once the cluster resize operation is complete, verify that the cluster is no longer publicly accessible.

By following these steps, you can ensure that your Amazon Redshift clusters are not publicly accessible, which will help to reduce the risk of unauthorized access and protect your data. Making a Redshift cluster publicly accessible should be avoided unless absolutely necessary; where it is required, it should be carefully evaluated and implemented with proper security measures in place.
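The same check and change can be scripted across every cluster in a region. The following is an added example, not Lightlytics code: it flags clusters whose `PubliclyAccessible` flag is true and, when asked, sets it to false through the Redshift API. The cluster names, endpoints and security group IDs in the sample are constructed, and modifying only clusters in the `available` state is an assumption of this example.

```python
import json

# Constructed sample in the shape of a Redshift DescribeClusters response.
SAMPLE = json.loads("""
{"Clusters": [
  {"ClusterIdentifier": "analytics-prod", "ClusterStatus": "available",
   "PubliclyAccessible": true,
   "Endpoint": {"Address": "analytics-prod.example.invalid", "Port": 5439},
   "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0example1", "Status": "active"}]},
  {"ClusterIdentifier": "etl-staging", "ClusterStatus": "creating",
   "PubliclyAccessible": true, "VpcSecurityGroups": []},
  {"ClusterIdentifier": "internal-dw", "ClusterStatus": "available",
   "PubliclyAccessible": false,
   "Endpoint": {"Address": "internal-dw.example.invalid", "Port": 5439},
   "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0example2", "Status": "active"}]}
]}
""")


def find_public_clusters(clusters):
    """Steps 2-3: report every cluster whose PubliclyAccessible flag is true."""
    findings = []
    for c in clusters:
        if not c.get("PubliclyAccessible", False):
            continue
        endpoint = c.get("Endpoint") or {}  # may be missing, e.g. while creating
        findings.append({
            "cluster": c["ClusterIdentifier"],
            "status": c.get("ClusterStatus"),
            "endpoint": endpoint.get("Address"),
            "security_groups": [g["VpcSecurityGroupId"]
                                for g in c.get("VpcSecurityGroups", [])],
            # Assumption: only attempt the change on clusters that are "available".
            "can_modify_now": c.get("ClusterStatus") == "available",
        })
    return findings


def audit_region(region, apply=False):
    """Live run of steps 2-7 in one region; needs boto3 and AWS credentials."""
    import boto3  # imported here so the offline sample runs without it
    rs = boto3.client("redshift", region_name=region)
    pages = rs.get_paginator("describe_clusters").paginate()
    findings = find_public_clusters([c for p in pages for c in p["Clusters"]])
    for f in findings:
        if apply and f["can_modify_now"]:
            rs.modify_cluster(ClusterIdentifier=f["cluster"], PubliclyAccessible=False)
    return findings


if __name__ == "__main__":
    for finding in find_public_clusters(SAMPLE["Clusters"]):
        print(finding)
```

Running `audit_region` again after the modification has finished, and getting an empty list back, corresponds to the verification in step 9. The listed security group IDs are the ones to review for step 6.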


Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.