Redshift cluster is using a default port
Incident Management が一般に使用できるようになりました。 Incident Management が広範に使用できるようになりました。
<  Back to rules search

Redshift cluster is using a default port

redshift

Classification:

compliance

Set up the redshift integration.

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Overview

Description

Confirm Redshift clusters are not using default port 5439 to protect against non-targeted attacks.

Rationale

Using a custom port can protect your publicly accessible AWS Redshift clusters against potential brute-force and dictionary attacks. Although setting a custom port can help fend off these attacks, it is also recommended to restrict public access, use SSL to encrypt client connections to database clusters, and control cluster access through security groups and Network Access Control Lists (NACLs) to add an additional layer of security for your account.

Remediation

  1. Run describe-clusters with a cluster-identifier to retrieve cluster metadata.

    describe-clusters.sh

        aws redshift describe-clusters
    	    --cluster-identifier cluster-name
        
  2. Run create-cluster-snapshot with create a snapshot of your database cluster.

    create-cluster-snapshot.sh

        aws redshift create-cluster-snapshot
            --cluster-identifier cluster-name
            --snapshot-identifier snapshot-identifier
        
  3. Run restore-from-cluster-snapshot to create a new cluster from the snapshot created above. Use the retrieved metadata in step one to configure a new port number.

    restore-from-cluster-snapshot.sh

        aws redshift restore-from-cluster-snapshot
            ...
            --cluster-identifier cluster-name
            --snapshot-identifier snapshot-identifier
            --port 2000