AWS Redshift cluster is publicly accessible

ID: aws_redshift_public_accessible

Severity: high

Vendor: AWS

Resource: Network

Tags: reachable

Description

The AWS Redshift cluster is publicly accessible. Any machine on the Internet can establish a connection to the cluster, which increases the opportunity for malicious activity.

To fix it, set the property publicly_accessible to false.

Learn more about this topic at AWS Redshift Clusters.

Examples

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Basic cluster provisioning example
      community.aws.redshift:
        command: create
        node_type: ds1.xlarge
        identifier: new_cluster
        encrypted: true
        username: cluster_admin
        password: 1nsecure
        # Finding: the cluster can be reached from the Internet
        publicly_accessible: true

Mitigation / Fix

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Basic cluster provisioning example
      community.aws.redshift:
        command: create
        node_type: ds1.xlarge
        identifier: new_cluster
        encrypted: true
        username: cluster_admin
        password: 1nsecure
        # publicly_accessible is not set; the module default is false
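
The rule above as a small static check, added here as an illustration and not the scanner's own implementation: it walks a block-style playbook line by line and reports Redshift tasks that set publicly_accessible to a truthy literal. The function name, the short module name `redshift` and the sample playbook are assumptions constructed for this example; flow-style YAML, inline `key=value` arguments and templated values are not evaluated.

```python
import re

# Module names to inspect: the FQCN used on this page plus its short form
# (the short form is an assumption of this example).
REDSHIFT_MODULES = {"community.aws.redshift", "redshift"}
# Literal values that Ansible converts to boolean true.
TRUTHY = {"true", "yes", "on", "1", "y", "t"}
KEY_RE = re.compile(r"^(\s*(?:-\s+)?)([\w.]+):\s*(.*)$")

# Constructed sample input, modelled on the playbooks shown above.
SAMPLE_PLAYBOOK = """\
---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Public cluster
      community.aws.redshift:
        command: create
        identifier: cluster-a
        publicly_accessible: true
    - name: Private by default
      community.aws.redshift:
        command: create
        identifier: cluster-b
    - name: Public via yes
      redshift:
        command: modify
        identifier: cluster-c
        publicly_accessible: "yes"  # quoted truthy string
"""

def find_public_redshift(playbook_text):
    """Return (line_number, task_name) for each exposed Redshift task."""
    findings, task_name, module_col = [], None, None
    for lineno, line in enumerate(playbook_text.splitlines(), start=1):
        match = KEY_RE.match(line)
        if not match:
            continue
        col, key = len(match.group(1)), match.group(2)
        # Drop a trailing comment and quotes before comparing the value.
        value = match.group(3).split(" #")[0].strip().strip("'\"").lower()
        if module_col is not None and col <= module_col:
            module_col = None  # dedent: the module's argument block ended
        if module_col is None:
            if "-" in match.group(1):
                task_name = None  # a new list item starts a new task
            if key == "name":
                task_name = match.group(3).strip()
            elif key in REDSHIFT_MODULES:
                module_col = col
        elif key == "publicly_accessible" and value in TRUTHY:
            findings.append((lineno, task_name))
    return findings
```
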