CloudWiki
Rules
Medium

Ensure Redshift clusters are using desired node types

Security & Compliance
Description

By enabling this rule, you can define the appropriate node types for your Amazon Redshift clusters based on your workload needs. This helps ensure that the nodes in your cluster meet your organization's requirements and avoids any unexpected charges on your AWS bill. By setting limits for the type of AWS Redshift cluster nodes, you can also meet internal compliance requirements.

Remediation

Here are the remediation steps to ensure Redshift clusters are using desired node types:

  1. Identify the workload requirements for your Amazon Redshift clusters, such as the amount of data processed, the number of concurrent users, and the type of queries executed.
  2. Determine the appropriate node type for your workload based on its requirements. You can choose from a variety of node types, including Dense Storage (DS), Dense Compute (DC), and Concurrency Scaling (CS) nodes.
  3. Set limits for the type of AWS Redshift cluster nodes that can be launched within your AWS account to ensure that only the desired node types are used. You can accomplish this by enabling the desired node type rule within your Cloud Conformity account.
  4. Monitor your Amazon Redshift clusters to ensure that they are using the desired node types. You can use the AWS Management Console, AWS Command Line Interface (CLI), or Cloud Conformity dashboard to monitor the cluster types.
  5. If a Redshift cluster is using an undesired node type, replace it with a desired node type by creating a new cluster with the appropriate configuration and migrating the data from the old cluster to the new one.
Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.