Redshift clusters should enable SSL/TLS for client connections

Docs > Datadog Security > OOTB Rules > Redshift clusters should enable SSL/TLS for client connections

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Description

Enable the require_ssl parameter for your Amazon Redshift cluster.

Rationale

Redshift clusters that do not require an SSL connection are vulnerable to exploits, such as man-in-the-middle attacks. Securing your connections protects your sensitive and private data.

Remediation

From the console

Amazon Redshift Clusters use AWS Certificate Manager (ACM)] to manage SSL certificates. To configure Redshift parameter groups in the console, follow the Managing parameter groups using the console docs.

From the command line

Run modify-cluster-parameter-group with name of the default parameter group you want to modify and the required parameters for SSL. This returns the group name and status if successful.

modify-cluster-parameter-group.sh

  aws redshift modify-cluster-parameter-group
    --parameter-group-name your-parameter-group
    --parameters ParameterName=require_ssl,ParameterValue=true

  

Run reboot-cluster with your cluster identifier to enable the configuration changes.