Redshift clusters should enforce encryption in transit

Description

This control verifies whether Amazon Redshift cluster connections require encryption during transit. The parameter require_ssl must be set to True.

Using TLS helps protect against potential attacks, such as person-in-the-middle attempts, by securing network traffic from being intercepted or altered. Only TLS-encrypted connections should be permitted. Keep in mind that encrypting data in transit may impact performance. Datadog recommends testing your application with TLS enabled to evaluate its performance and understand the potential effects.
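The following added example (not Datadog's rule implementation) shows one way to evaluate this control offline against output shaped like `aws redshift describe-clusters` and `aws redshift describe-cluster-parameters`. The cluster names, the `tls-required` group, and the `pass`/`fail`/`pending` verdict labels are assumptions made for illustration; the sample data is constructed.

```python
"""Offline evaluation of the require_ssl control over constructed AWS API output."""

# Constructed sample shaped like `aws redshift describe-clusters` output.
CLUSTERS = {"Clusters": [
    {"ClusterIdentifier": "analytics-prod", "ClusterParameterGroups": [
        {"ParameterGroupName": "tls-required", "ParameterApplyStatus": "in-sync"}]},
    {"ClusterIdentifier": "etl-staging", "ClusterParameterGroups": [
        {"ParameterGroupName": "default.redshift-1.0", "ParameterApplyStatus": "in-sync"}]},
    {"ClusterIdentifier": "reporting", "ClusterParameterGroups": [
        {"ParameterGroupName": "tls-required", "ParameterApplyStatus": "pending-reboot"}]},
]}

# Constructed sample: group name -> `describe-cluster-parameters` output.
GROUP_PARAMETERS = {
    "tls-required": {"Parameters": [
        {"ParameterName": "require_ssl", "ParameterValue": "true"}]},
    "default.redshift-1.0": {"Parameters": [
        {"ParameterName": "require_ssl", "ParameterValue": "false"}]},
}


def require_ssl_enabled(parameters):
    """True only if the group explicitly sets require_ssl to true."""
    for p in parameters.get("Parameters", []):
        if p.get("ParameterName") == "require_ssl":
            return str(p.get("ParameterValue", "")).strip().lower() == "true"
    return False  # parameter missing: treat as not enforced


def evaluate(clusters, group_parameters):
    """Return {cluster id: 'pass' | 'fail' | 'pending'} (labels are assumptions)."""
    results = {}
    for cluster in clusters.get("Clusters", []):
        groups = cluster.get("ClusterParameterGroups", [])
        verdict = "pass" if groups else "fail"
        for g in groups:
            params = group_parameters.get(g["ParameterGroupName"], {})
            if not require_ssl_enabled(params):
                verdict = "fail"
                break
            if g.get("ParameterApplyStatus") != "in-sync":
                verdict = "pending"  # value set but not yet in effect on the cluster
        results[cluster["ClusterIdentifier"]] = verdict
    return results


if __name__ == "__main__":
    for cluster_id, verdict in evaluate(CLUSTERS, GROUP_PARAMETERS).items():
        print(f"{cluster_id}: {verdict}")
```

A `pending` result means the parameter group has `require_ssl` set but the cluster has not applied it yet, so unencrypted connections may still be accepted until the status returns to `in-sync`.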

Remediation

For guidance on configuring Redshift parameters, please refer to the Modifying a parameter group section of the Amazon Redshift Management Guide.