Redshift clusters should be encrypted

Docs > Plateforme de sécurité Datadog > OOTB Rules > Redshift clusters should be encrypted

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Description

Ensure that AWS RedShift clusters are encrypted.

Rationale

Encrypting Redshift clusters protects your sensitive data from unauthorized access.

Remediation

From the console

Follow the Changing cluster encryption docs to ensure your clusters are encrypted.

From the command line

Run describe-clusters with your cluster identifier.

 aws redshift describe-clusters \
     --cluster-identifier cluster-name

Run create-cluster using the configuration details returned in step 1 along with the encrypted flag.

 aws redshift create-cluster \
     --cluster-identifier cluster-name \
     --encrypted

Run describe-cluster with a query filter to expose the new endpoint address.

 aws redshift describe-clusters \
     --cluster-identifier cluster-name \
     --query 'Clusters[*].Endpoint.Address'

Use the cluster endpoint URL with the Amazon Redshift Unload/Copy tool.
Update your encrypted Redshift cluster configuration with the new Redshift cluster endpoint URL.

Once the endpoint is changed, run delete-cluster to remove the old unencrypted cluster.

 aws redshift delete-cluster \
     --cluster-identifier old-cluster \
     --final-cluster-snapshot-identifier old-cluster-finalsnapshot