Redshift clusters should use the EC2-VPC platform for better security


Description

Confirm Redshift Clusters are using the AWS EC2-VPC platform for better cluster security.

Rationale

Launching a cluster in a VPC gives you network controls that the legacy EC2-Classic platform lacks: private subnet placement, route tables, network ACLs and VPC security groups, so the cluster endpoint can be kept off the public Internet and reachable only from the subnets you choose. EC2-Classic has also been retired by AWS, so any cluster still on it cannot be managed with current tooling.

Remediation

From the console

Follow the Use EC2-VPC when you create your cluster documentation to launch the cluster inside a VPC from the console: choose a cluster subnet group and VPC security groups when you create it, since an existing cluster cannot be moved from EC2-Classic into a VPC in place.

From the command line

  1. Run describe-clusters with a cluster-identifier to retrieve cluster metadata.

    describe-clusters.sh

        aws redshift describe-clusters \
            --cluster-identifier cluster-id

  2. Run create-cluster with that metadata to launch a replacement cluster inside a VPC. The cluster subnet group is what places the cluster in a VPC, and the security groups must be VPC security groups (IDs start with sg-); the values below are placeholders, and node type, master username and master user password are also required.

    create-cluster.sh

            aws redshift create-cluster \
                --cluster-identifier cluster-id \
                --cluster-subnet-group-name subnet-group-name \
                --vpc-security-group-ids sg-012a3b4c \
                --port 5439 \
                ...

  3. Re-run describe-clusters with a custom query filter to retrieve the database cluster endpoint.

    describe-clusters.sh

        aws redshift describe-clusters \
            --cluster-identifier cluster-id \
            --query 'Clusters[*].Endpoint.Address'

  4. Reload the old cluster data into the new database cluster with the Unload Copy Utility.

  5. Once the data has been verified in the new cluster, run delete-cluster to delete the old one. delete-cluster requires either --skip-final-cluster-snapshot or --final-cluster-snapshot-identifier; take a final snapshot unless you already have one.

    delete-cluster.sh

        aws redshift delete-cluster \
            --cluster-identifier old-cluster-identifier \
            ...
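The procedure above is manual per cluster. The following script is an added example written for this page (not code from the page or from AWS): it reads the JSON that `aws redshift describe-clusters` prints, flags every cluster that is not in a VPC (EC2-Classic clusters report no VpcId or ClusterSubnetGroupName and use ClusterSecurityGroups instead), and builds the create-cluster argument list for the VPC replacement from the old cluster's metadata, covering steps 1 and 2 in one pass. The sample describe-clusters output, the subnet group name `redshift-private` and the `sg-0123456789abcdef0` / `vpc-...` IDs are constructed placeholders, and the `--encrypted` and `--no-publicly-accessible` flags are hardening choices of this example rather than something the page prescribes.

```python
"""Audit Redshift clusters for the EC2-Classic platform and build the
create-cluster arguments for a VPC replacement.

Usage: aws redshift describe-clusters | python3 redshift_vpc_audit.py
Without piped input it runs against the constructed sample below.
"""
import json
import shlex
import sys

# Constructed sample describe-clusters output (not real account data):
# one EC2-VPC cluster and one EC2-Classic cluster.
SAMPLE_DESCRIBE_OUTPUT = {
    "Clusters": [
        {
            "ClusterIdentifier": "analytics-vpc",
            "NodeType": "dc2.large",
            "NumberOfNodes": 2,
            "MasterUsername": "awsuser",
            "DBName": "analytics",
            "Port": 5439,
            "VpcId": "vpc-0123456789abcdef0",
            "ClusterSubnetGroupName": "redshift-private",
            "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0123456789abcdef0", "Status": "active"}],
            "Encrypted": True,
            "PubliclyAccessible": False,
            "Endpoint": {"Address": "analytics-vpc.example.us-east-1.redshift.amazonaws.com", "Port": 5439},
        },
        {
            "ClusterIdentifier": "legacy-classic",
            "NodeType": "dc1.large",
            "NumberOfNodes": 1,
            "MasterUsername": "awsuser",
            "DBName": "legacy",
            "Port": 5439,
            "ClusterSecurityGroups": [{"ClusterSecurityGroupName": "default", "Status": "active"}],
            "Encrypted": False,
            "PubliclyAccessible": True,
            "Endpoint": {"Address": "legacy-classic.example.us-east-1.redshift.amazonaws.com", "Port": 5439},
        },
    ]
}


def is_vpc_cluster(cluster):
    """A cluster is on EC2-VPC when it reports a VpcId and a cluster subnet group."""
    return bool(cluster.get("VpcId")) and bool(cluster.get("ClusterSubnetGroupName"))


def classic_clusters(describe_output):
    """Return identifiers of clusters that are not in a VPC (the finding this rule flags)."""
    return [c["ClusterIdentifier"] for c in describe_output.get("Clusters", [])
            if not is_vpc_cluster(c)]


def replacement_create_args(cluster, subnet_group_name, vpc_security_group_ids,
                            new_identifier=None):
    """Build the `aws redshift create-cluster` argv for a VPC replacement of
    `cluster`, carrying over the metadata describe-clusters exposes.

    The subnet group is what places the cluster in a VPC; the security group
    IDs must be VPC security groups (sg-...). The master password is never in
    describe output and must be appended by the caller from a secret store
    (--master-user-password), so it is deliberately absent here.
    """
    ident = new_identifier or cluster["ClusterIdentifier"] + "-vpc"
    args = [
        "aws", "redshift", "create-cluster",
        "--cluster-identifier", ident,
        "--node-type", cluster["NodeType"],
        "--master-username", cluster["MasterUsername"],
        "--port", str(cluster.get("Port", 5439)),
        "--cluster-subnet-group-name", subnet_group_name,
        "--vpc-security-group-ids", *vpc_security_group_ids,
        # Harden while migrating: encrypt at rest and keep the endpoint private.
        "--encrypted",
        "--no-publicly-accessible",
    ]
    if cluster.get("DBName"):
        args += ["--db-name", cluster["DBName"]]
    nodes = int(cluster.get("NumberOfNodes", 1))
    if nodes > 1:
        args += ["--cluster-type", "multi-node", "--number-of-nodes", str(nodes)]
    else:
        args += ["--cluster-type", "single-node"]
    return args


def main():
    data = SAMPLE_DESCRIBE_OUTPUT if sys.stdin.isatty() else json.load(sys.stdin)
    flagged = classic_clusters(data)
    if not flagged:
        print("OK: all clusters are on EC2-VPC")
        return
    for cluster in data["Clusters"]:
        if cluster["ClusterIdentifier"] in flagged:
            print(f"FINDING: {cluster['ClusterIdentifier']} is on EC2-Classic "
                  f"(endpoint {cluster.get('Endpoint', {}).get('Address')})")
            # Placeholder subnet group / security group; replace with your own.
            cmd = replacement_create_args(cluster, "redshift-private", ["sg-0123456789abcdef0"])
            print("  replacement: " + shlex.join(cmd) + " --master-user-password ...")


if __name__ == "__main__":
    main()
```

Run it against a real account with `aws redshift describe-clusters | python3 redshift_vpc_audit.py`; the printed create-cluster command is a starting point for step 2, and the password is left for you to append from a secret store rather than being written to a terminal or shell history.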