AWS Redshift cluster is not encrypted

ID

aws_redshift_not_encrypted

Severity

high

Vendor

AWS

Resource

Encryption

Tags

reachable

Description

AWS Redshift cluster is not encrypted. Data should be encrypted at rest to reduce the risk of a data breach via direct access to the storage device.

To fix it, you must configure the property encrypted=true. By default, the value is false.

Learn more about this topic at AWS Redshift Encryption.

Examples

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Basic cluster provisioning example
      community.aws.redshift:
        command: create
        node_type: ds1.xlarge
        identifier: new_cluster
        username: cluster_admin
        password: 1nsecure

Mitigation / Fix

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Basic cluster provisioning example
      community.aws.redshift:
        command: create
        node_type: ds1.xlarge
        identifier: new_cluster
        encrypted: true
        username: cluster_admin
        password: 1nsecure