Medium

Ensure Redshift clusters Enhanced VPC Routing feature is enabled

Security & Compliance
Description

To keep your network traffic under your control, it is recommended to enable Enhanced VPC Routing for your Amazon Redshift data warehouse clusters. This feature forces traffic between your clusters and AWS cloud resources to go through the Virtual Private Cloud (VPC) instead of over the Internet. When Enhanced VPC Routing is enabled, you can leverage VPC network features such as security groups, Network Access Control Lists (NACLs), VPC endpoints, VPC endpoint policies, Internet gateways, and Domain Name System (DNS) servers to tightly manage the flow of data between your Amazon Redshift clusters and other cloud resources. By using these features, you can ensure that your network traffic is secure and controlled.

Remediation

Here are the remediation steps to ensure that Enhanced VPC Routing is enabled for your Amazon Redshift clusters:

  1. Open the Amazon Redshift console.
  2. Navigate to the "Clusters" page and select the Redshift cluster you want to update.
  3. Click on the "Properties" tab.
  4. Under the "Network and security" section, check if "Enhanced VPC Routing" is enabled. If it is not, proceed to step 5.
  5. Click on the "Modify" button.
  6. Select "Enhanced VPC Routing" under the "Network and security" section.
  7. Review the changes and click on the "Modify cluster" button to apply the changes.
  8. Wait for the modification to complete.

Once the above steps are completed, Enhanced VPC Routing will be enabled for your Amazon Redshift cluster, and your network traffic will be routed through the Virtual Private Cloud (VPC). You can then use standard VPC network features to manage the flow of data between your Amazon Redshift clusters and other cloud resources.
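The same check and change can be scripted across every cluster in a region instead of clicking through the console one cluster at a time. The following is an added example, not Lightlytics code: it uses boto3's Redshift `describe_clusters` paginator and `modify_cluster` call, and the function names and `SAMPLE_CLUSTERS` data are constructed for illustration.

```python
# Added example: audit and remediation sketch using boto3's Redshift client.
# SAMPLE_CLUSTERS is constructed data shaped like a describe_clusters response.
SAMPLE_CLUSTERS = [
    {"ClusterIdentifier": "analytics-prod", "ClusterStatus": "available", "EnhancedVpcRouting": True},
    {"ClusterIdentifier": "etl-staging", "ClusterStatus": "available", "EnhancedVpcRouting": False},
    {"ClusterIdentifier": "reports-dev", "ClusterStatus": "resizing", "EnhancedVpcRouting": False},
]


def iter_clusters(client):
    """Yield every cluster in the client's region, following pagination."""
    for page in client.get_paginator("describe_clusters").paginate():
        yield from page.get("Clusters", [])


def audit(clusters):
    """Split clusters lacking Enhanced VPC Routing into (fixable, deferred)."""
    fixable, deferred = [], []
    for c in clusters:
        if c.get("EnhancedVpcRouting") is True:
            continue
        # A cluster that is mid-operation (resizing, rebooting, ...) may reject
        # a modify request, so only "available" clusters are queued for change.
        target = fixable if c.get("ClusterStatus") == "available" else deferred
        target.append(c["ClusterIdentifier"])
    return sorted(fixable), sorted(deferred)


def remediate(client, cluster_ids, dry_run=True):
    """Enable Enhanced VPC Routing; with dry_run=True only report the plan."""
    for cid in cluster_ids:
        if not dry_run:
            client.modify_cluster(ClusterIdentifier=cid, EnhancedVpcRouting=True)
    return [(cid, "planned" if dry_run else "modified") for cid in cluster_ids]


if __name__ == "__main__":
    import boto3  # imported here so the audit logic runs without AWS access

    redshift = boto3.client("redshift")
    fixable, deferred = audit(iter_clusters(redshift))
    print("non-compliant, can modify now:", fixable)
    print("non-compliant, not in 'available' state:", deferred)
    print(remediate(redshift, fixable, dry_run=True))
```

Before switching `dry_run` to `False`, confirm that the cluster's VPC has a route to the services it loads from and unloads to (for example an S3 VPC endpoint or a NAT gateway), because COPY and UNLOAD traffic will follow the VPC's routing once the feature is on.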

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.