Redshift clusters should enable SSL/TLS for client connections


Description

Enable the require_ssl parameter for your Amazon Redshift cluster.

Rationale

Redshift clusters that do not require an SSL connection are vulnerable to exploits, such as man-in-the-middle attacks. Securing your connections protects your sensitive and private data.

Remediation

From the console

Amazon Redshift clusters use AWS Certificate Manager (ACM) to manage SSL certificates. To configure Redshift parameter groups in the console, follow the Managing parameter groups using the console docs.

From the command line

  1. Run modify-cluster-parameter-group with the name of the default parameter group you want to modify and the required parameters for SSL. This returns the group name and status if successful.

modify-cluster-parameter-group.sh

  aws redshift modify-cluster-parameter-group \
    --parameter-group-name your-parameter-group \
    --parameters ParameterName=require_ssl,ParameterValue=true

  
  2. Run reboot-cluster with your cluster identifier to enable the configuration changes.
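
To confirm that both steps took effect, the following added example (not part of the original page) classifies each cluster from the JSON that `aws redshift describe-clusters` and `aws redshift describe-cluster-parameters` return. A cluster whose parameter group sets require_ssl but is not yet `in-sync` still needs the reboot from step 2. The cluster names, group names and sample JSON are constructed for illustration.

```python
import json

# Constructed sample of `aws redshift describe-clusters` output (trimmed).
CLUSTERS = json.loads("""
{"Clusters": [
  {"ClusterIdentifier": "analytics-prod",
   "ClusterParameterGroups": [{"ParameterGroupName": "ssl-required",
                               "ParameterApplyStatus": "in-sync"}]},
  {"ClusterIdentifier": "analytics-staging",
   "ClusterParameterGroups": [{"ParameterGroupName": "ssl-required",
                               "ParameterApplyStatus": "pending-reboot"}]},
  {"ClusterIdentifier": "legacy-etl",
   "ClusterParameterGroups": [{"ParameterGroupName": "legacy-params",
                               "ParameterApplyStatus": "in-sync"}]}
]}
""")

# Constructed samples of `aws redshift describe-cluster-parameters` output,
# keyed by parameter group name.
PARAMETERS = {
    "ssl-required": {"Parameters": [{"ParameterName": "require_ssl", "ParameterValue": "true"}]},
    "legacy-params": {"Parameters": [{"ParameterName": "require_ssl", "ParameterValue": "false"}]},
}

def group_requires_ssl(group_output):
    """True only if the group sets require_ssl to true; a missing parameter counts as false."""
    for param in group_output.get("Parameters", []):
        if param.get("ParameterName") == "require_ssl":
            return str(param.get("ParameterValue", "")).lower() == "true"
    return False

def audit(clusters_output, parameters_by_group):
    """Map each cluster identifier to 'enforced', 'not-applied' or 'not-required'."""
    results = {}
    for cluster in clusters_output.get("Clusters", []):
        groups = cluster.get("ClusterParameterGroups", [])
        required = bool(groups) and all(
            group_requires_ssl(parameters_by_group.get(g["ParameterGroupName"], {}))
            for g in groups)
        # Anything other than in-sync means the setting is not live on the cluster yet.
        in_sync = all(g.get("ParameterApplyStatus") == "in-sync" for g in groups)
        if not required:
            results[cluster["ClusterIdentifier"]] = "not-required"
        else:
            results[cluster["ClusterIdentifier"]] = "enforced" if in_sync else "not-applied"
    return results

if __name__ == "__main__":
    for cluster_id, state in audit(CLUSTERS, PARAMETERS).items():
        print(f"{cluster_id}: {state}")
```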