Redshift clusters should enforce encryption in transit

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください

Description

This control verifies whether Amazon Redshift cluster connections require encryption during transit. The parameter require_ssl must be set to True.

Using TLS helps protect against potential attacks, such as person-in-the-middle attempts, by securing network traffic from being intercepted or altered. Only TLS encrypted connections should be permitted. Keep in mind that encrypting data in transit may impact performance. Datadog recommends testing your application with TLS enabled to evaluate its performance and understand the potential effects.

Remediation

For guidance on configuring Redshift parameters, please refer to the Modifying a parameter group section of the Amazon Redshift Management Guide.