Low

Ensure Redshift clusters are using a custom master user name instead of the default master user name

Security & Compliance
Description

It is recommended to use a custom master user name for your Redshift database clusters instead of the default master user name ("awsuser"), which can pose a security risk when it is used to access your clusters. A custom name hardens the clusters against non-targeted attacks and adds an extra layer of security for publicly accessible Amazon Redshift clusters against potential hacking attempts.

Changing the default master user name is a basic security measure: it improves overall security, but it does not provide complete protection against attackers who can guess the user name or obtain it through social engineering. For advanced Redshift database security, it is also recommended to restrict the root account to privileged users, use strong and complex passwords, and grant permissions to trusted users only at the database level.
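One way to evaluate this rule over the output of the Redshift DescribeClusters API, as an added example rather than Lightlytics' own code. The function name and the sample response are constructed for illustration; the field names (ClusterIdentifier, MasterUsername, PubliclyAccessible) are the ones DescribeClusters returns.

```python
"""Flag Redshift clusters whose master user name is the default "awsuser"."""

DEFAULT_MASTER_USERNAME = "awsuser"  # default name cited in the rule description


def find_default_master_users(pages):
    """Return findings for clusters that still use the default master user name.

    `pages` is an iterable of DescribeClusters response dicts, one per page.
    """
    findings = []
    for page in pages:
        for cluster in page.get("Clusters", []):
            name = cluster.get("MasterUsername", "")
            # Defensive normalisation so stray case or whitespace does not hide a match.
            if name.strip().lower() != DEFAULT_MASTER_USERNAME:
                continue
            findings.append({
                "cluster": cluster.get("ClusterIdentifier", "<unknown>"),
                "master_username": name,
                # The description singles out publicly accessible clusters.
                "publicly_accessible": bool(cluster.get("PubliclyAccessible", False)),
            })
    # Publicly accessible clusters first, then by identifier for stable output.
    findings.sort(key=lambda f: (not f["publicly_accessible"], f["cluster"]))
    return findings


# Constructed sample: two pages shaped like DescribeClusters responses.
SAMPLE_PAGES = [
    {"Clusters": [
        {"ClusterIdentifier": "analytics-internal", "MasterUsername": "awsuser",
         "PubliclyAccessible": False},
        {"ClusterIdentifier": "reporting-prod", "MasterUsername": "rpt_admin_7f",
         "PubliclyAccessible": True},
    ]},
    {"Clusters": [
        {"ClusterIdentifier": "legacy-dw", "MasterUsername": "awsuser",
         "PubliclyAccessible": True},
    ]},
]

if __name__ == "__main__":
    for f in find_default_master_users(SAMPLE_PAGES):
        exposure = "public" if f["publicly_accessible"] else "private"
        print(f"NON-COMPLIANT {f['cluster']} ({exposure}): "
              f"master user {f['master_username']!r}")
```

Against a live account, the pages can come from boto3's `describe_clusters` paginator on the `redshift` client.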

Remediation

To remediate this issue and ensure Redshift clusters are using a custom master user name instead of the default master user name, follow these steps:

  1. Connect to your Redshift cluster using an account that has sufficient permissions to modify the master user.
  2. Create a new user with administrative privileges using a custom name, such as "myadminuser".
  3. Log out of the Redshift cluster and log back in using the new user credentials to confirm the new user has been created successfully.
  4. Revoke the administrative privileges of the default master user "awsuser".
  5. Optionally, delete the default master user "awsuser" to prevent any unauthorized access.

By following these steps, you will have successfully changed the default master user name to a custom name, adding an extra layer of security to your Redshift clusters.

Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.