<  Back to rules search

Redshift cluster uses SSL to secure connections to clients

redshift

Classification:

compliance

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Description

Enable the require_ssl parameter for your Amazon Redshift cluster.

Rationale

Redshift clusters that do not require an SSL connection are vulnerable to exploits, such as man-in-the-middle attacks. Securing your connections protects your sensitive and private data.

Remediation

Console

Amazon Redshift Clusters use AWS Certificate Manager (ACM)] to manage SSL certificates. To configure Redshift parameter groups in the console, follow the Managing parameter groups using the console docs.

CLI

  1. Run modify-cluster-parameter-group with name of the default parameter group you want to modify and the required parameters for SSL. This returns the group name and status if successful.

modify-cluster-parameter-group.sh

  aws redshift modify-cluster-parameter-group
    --parameter-group-name your-parameter-group
    --parameters ParameterName=require_ssl,ParameterValue=true

  
  1. Run reboot-cluster with your cluster identifier to enable the configuration changes.