Redshift cluster is not using a custom master user name
Incident Management が一般に使用できるようになりました。 Incident Management が広範に使用できるようになりました。
<  Back to rules search

Redshift cluster is not using a custom master user name




Set up the redshift integration.




Confirm Redshift clusters are using a custom master user name, versus the default master user name.


Default master user names for publicly accessible clusters can be a backdoor for hacking. While setting a customer master user name alone does not fully protect against attacks, restricting the root account only to privileged users and using additional password measures can add an additional layer of protection.


  1. Run describe-clusters with a cluster-identifier to retrieve cluster metadata.

        aws redshift describe-clusters
    	    --cluster-identifier cluster-name
  2. Run create-cluster with the returned cluster metadata to launch a new cluster with the existing metadata and a new master user name.

        aws redshift create-cluster
    	    --cluster-identifier old-cluster-identifier
    	    --master-username awsmasterusr
            --vpc-security-group-ids id-012a3b4c
  3. Re-run describe-clusters with a custom query filter to retrieve the database cluster endpoint.

        aws redshift describe-clusters
    	    --cluster-identifier new-cluster-identifier
    	    --query 'Clusters[*].Endpoint.Address'
  4. Reload the old cluster data into the new database cluster with the Unload Copy Utility.

  5. Use the returned new database cluster endpoint URL from step 3 to update your application’s configuration to point to the new cluster endpoint.

  6. Run delete-cluster to delete the old cluster.

        aws redshift create-cluster
    	    --cluster-identifier old-cluster-identifier