To ensure better flexibility and control over your Redshift clusters, it is recommended to provision them within the AWS EC2-VPC platform instead of the outdated EC2-Classic platform. Provisioning Amazon Redshift clusters within the EC2-VPC platform can provide several benefits such as a more robust networking infrastructure with network isolation, cluster subnet groups, and Elastic IP addresses. Additionally, it allows for more flexible control over access security with the use of network ACLs and VPC security group outbound traffic filtering. Finally, EC2-VPC platform provides access to newer and powerful node types such as DS2.
Here are the remediation steps to ensure that Redshift clusters are provisioned within a VPC:
- Create a new VPC or use an existing one. Ensure that the VPC has at least two subnets in different availability zones.
- Create a new Amazon Redshift cluster within the VPC by selecting the appropriate VPC and subnets during the creation process.
- Ensure that all necessary security groups are created and attached to the Redshift cluster. Configure the security group rules to allow access only to the necessary ports and protocols.
- If needed, configure a VPC endpoint to allow secure access to Redshift from within the VPC, without needing an internet gateway or NAT instance.
- Migrate any existing Redshift clusters from the EC2-Classic platform to the EC2-VPC platform. This may require creating a new cluster within the VPC and transferring data from the old cluster to the new one.
- Verify that the Redshift clusters are provisioned within the VPC by reviewing the cluster configuration details and checking the VPC ID and associated subnets.
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.
