Redshift Cluster Should Not Be Publicly Accessible
More Info:
Amazon Redshift clusters should not be publicly accessible in order to minimise security risks.Risk Level
HighAddress
SecurityCompliance Standards
HIPAA, NIST, PCIDSS, HITRUST, SOC2, GDPR, NISTCSF, FedRAMPTriage and Remediation
Remediation
Using Console
Using Console
To remediate the issue of an AWS Redshift cluster being publicly accessible, follow these steps using the AWS Management Console:
- Login to AWS Console: Go to the AWS Management Console (https://aws.amazon.com/) and login with your credentials.
- Navigate to Amazon Redshift: From the AWS Management Console, navigate to the Amazon Redshift service.
- Select the Redshift Cluster: In the Amazon Redshift dashboard, select the Redshift cluster that is publicly accessible.
- Modify Cluster: Click on the cluster that you want to modify to access its details.
- Modify Cluster Settings: In the cluster details page, click on the “Modify” button to change the cluster settings.
- Update Cluster Security Group: Scroll down to the Network and Security section and locate the “VPC security groups” setting.
- Edit Security Groups: Click on the “Edit” button next to the security group associated with the Redshift cluster.
- Remove Public Ingress Rules: In the security group settings, remove any inbound rules that allow traffic from sources outside of your VPC or trusted networks.
- Save Changes: Once you have removed the public ingress rules, click on the “Save” button to apply the changes.
- Verify Changes: After saving the changes, verify that the Redshift cluster is no longer publicly accessible by checking the cluster’s endpoint and ensuring it is not accessible from outside networks.
Using CLI
Using CLI
To remediate the issue of an AWS Redshift cluster being publicly accessible, follow these steps using the AWS CLI:Step 1: List all the Redshift clusters in your AWS account to identify the cluster that is publicly accessible.Step 2: Identify the Redshift cluster that is publicly accessible by checking the value of the After running these commands, your AWS Redshift cluster should no longer be publicly accessible. Make sure to replace
PubliclyAccessible parameter in the cluster description.Step 3: Modify the Redshift cluster to make the cluster not publicly accessible by updating the cluster’s security group. Replace your-security-group-id with the appropriate security group ID of your Redshift cluster.your-cluster-identifier and your-security-group-id with the actual values for your Redshift cluster.Using Python
Using Python
To remediate the misconfiguration of an AWS Redshift cluster being publicly accessible, you can follow these steps using Python and the AWS SDK (boto3):Step 1: Install the AWS SDK (boto3) if you haven’t already:Step 2: Use the following Python script to modify the Redshift cluster parameter group to disable public accessibility:Make sure to replace
'your-redshift-cluster-identifier' with the actual identifier of your Redshift cluster.Step 3: Run the Python script to remediate the misconfiguration and make the Redshift cluster not publicly accessible.By following these steps, you can remediate the misconfiguration of an AWS Redshift cluster being publicly accessible using Python and the AWS SDK (boto3).