Redshift cluster is not using the EC2-VPC platform

redshift

Classification:

compliance

Set up the redshift integration.

Overview

Description

Confirm Redshift Clusters are using the AWS EC2-VPC platform for better cluster security.

Rationale

The AWS EC2-VPC platform offers better security control and traffic routing for clusters than the outdated EC2-Classic platform.

Remediation

  1. Run describe-clusters with a cluster-identifier to retrieve cluster metadata.

    describe-clusters.sh

        aws redshift describe-clusters \
            --cluster-identifier cluster-id
        
  2. Run create-cluster with the metadata to launch a new cluster within a VPC.

    create-cluster.sh

        aws redshift create-cluster \
            --cluster-identifier cluster-id \
            --vpc-security-group-ids id-012a3b4c \
            --port 5439 \
            ...
        
  3. Re-run describe-clusters with a custom query filter to retrieve the database cluster endpoint.

    describe-clusters.sh

        aws redshift describe-clusters \
            --cluster-identifier cluster-id \
            --query 'Clusters[*].Endpoint.Address'
        
  4. Reload the old cluster data into the new database cluster with the Unload Copy Utility.

  5. Run delete-cluster to delete the old cluster.

    delete-cluster.sh

        aws redshift delete-cluster \
            --cluster-identifier old-cluster-identifier \
            ...
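The check behind this rule, and the metadata carry-over from step 1 into step 2, as an added example that is not part of this page or the Datadog integration: it reads the JSON that `aws redshift describe-clusters --output json` prints, flags clusters that report no `VpcId` (the EC2-Classic case), and builds the `create-cluster` argument list for the replacement VPC cluster. The cluster identifiers, subnet group and security group ID below are constructed sample values.

```python
import json

# Constructed sample of `aws redshift describe-clusters --output json`:
# one cluster in a VPC and one on the legacy EC2-Classic platform.
SAMPLE_DESCRIBE_CLUSTERS = json.dumps({"Clusters": [
    {"ClusterIdentifier": "analytics-vpc", "NodeType": "dc2.large",
     "NumberOfNodes": 2, "DBName": "dev", "MasterUsername": "admin",
     "Endpoint": {"Address": "analytics-vpc.example.invalid", "Port": 5439},
     "VpcId": "vpc-0a1b2c3d", "ClusterSubnetGroupName": "redshift-private",
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0123abcd", "Status": "active"}],
     "Encrypted": True},
    {"ClusterIdentifier": "legacy-classic", "NodeType": "dc2.large",
     "NumberOfNodes": 4, "DBName": "warehouse", "MasterUsername": "admin",
     "Endpoint": {"Address": "legacy-classic.example.invalid", "Port": 5439},
     "ClusterSecurityGroups": [{"ClusterSecurityGroupName": "default", "Status": "active"}],
     "Encrypted": False},
]})


def classic_clusters(describe_output: str) -> list:
    """Identifiers of clusters not on the EC2-VPC platform. A VPC cluster
    reports a VpcId; an EC2-Classic cluster has none and is guarded by
    ClusterSecurityGroups rather than VpcSecurityGroups."""
    clusters = json.loads(describe_output).get("Clusters", [])
    return [c["ClusterIdentifier"] for c in clusters if not c.get("VpcId")]


def get_cluster(describe_output: str, identifier: str) -> dict:
    """Return the metadata block for one cluster (step 1 of the remediation)."""
    for c in json.loads(describe_output).get("Clusters", []):
        if c["ClusterIdentifier"] == identifier:
            return c
    raise KeyError(identifier)


def create_cluster_args(old: dict, new_identifier: str,
                        subnet_group: str, vpc_sg_ids: list) -> list:
    """Argument list for `aws redshift create-cluster` (step 2): size, database,
    user and port are carried over from the old cluster; the subnet group and
    VPC security groups are supplied by the operator for the target VPC.
    The required --master-user-password is deliberately left out so the caller
    appends it from a secret store instead of embedding it here."""
    return [
        "aws", "redshift", "create-cluster",
        "--cluster-identifier", new_identifier,
        "--node-type", old["NodeType"],
        "--number-of-nodes", str(old["NumberOfNodes"]),
        "--db-name", old["DBName"],
        "--master-username", old["MasterUsername"],
        "--port", str(old["Endpoint"]["Port"]),
        "--cluster-subnet-group-name", subnet_group,
        "--vpc-security-group-ids", *vpc_sg_ids,
        "--encrypted" if old.get("Encrypted") else "--no-encrypted",
    ]
```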