Redshift clusters should use the EC2-VPC platform for better security

Docs > Datadog Security > OOTB Rules > Redshift clusters should use the EC2-VPC platform for better security

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Description

Confirm Redshift Clusters are using the AWS EC2-VPC platform for better cluster security.

Rationale

The AWS EC2-VPC platform offers better security control and traffic routing for clusters than the outdated EC2-Classic platform.

Remediation

From the console

Follow the Use EC2-VPC when you create your cluster docs to learn how to use the EC2-VPC platform in the console to secure your clusters.

From the command line

Run describe-clusters with a cluster-identifier to retrieve cluster metadata.
describe-clusters.sh
```
    aws redshift describe-clusters
	    --cluster-identifier cluster-id
    
```

Run create-cluster with the metadata to launch a new cluster within a VPC.

describe-clusters.sh

        aws redshift create-cluster
            --cluster-identifier cluster-id
            --vpc-security-group-ids id-012a3b4c
            --port 5439
            ...
    

Re-run describe-clusters with a custom query filter to retrieve the database cluster endpoint.

describe-clusters.sh

    aws redshift describe-clusters
	    --cluster-identifier cluster-id
	    --query 'Clusters[*].Endpoint.Address'
    

Reload the old cluster data into the new database cluster with the Unload Copy Utility.

Run delete-cluster to delete the old cluster.

delete-cluster.sh

    aws redshift create-cluster
	    --cluster-identifier old-cluster-identifier
	    ...
    