Redshift cluster snapshots should not be shared with external accounts


Description

This rule evaluates whether Amazon Redshift cluster snapshots are shared with external AWS accounts that are not onboarded to Datadog. Redshift cluster snapshots contain complete copies of data warehouse clusters, including all data, configurations, and potentially sensitive information. Sharing cluster snapshots with unauthorized external accounts can lead to data exposure and security risks.

The data contained in the accounts_with_restore_access field is enumerated to identify which AWS accounts have access to restore from the snapshot.

The control fails if any account in that list is not onboarded to Datadog.

Note: If the Redshift cluster snapshot is shared with a trusted third-party AWS account that you cannot onboard to Datadog, mute the finding and leave a comment documenting the justification.

Remediation

To remove external account sharing permissions from Amazon Redshift cluster snapshots, follow the steps outlined in the Sharing a snapshot section of the Amazon Redshift Management Guide. For guidance regarding onboarding AWS accounts to Datadog, follow the Datadog AWS integration documentation to onboard the account. Ensure that resource collection and Cloud Security are correctly configured.
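As an added example (not Datadog's own rule implementation), the following Python applies the check described above to snapshots in the shape returned by boto3's redshift.describe_cluster_snapshots(), reporting any restore-access account that is not in a set of onboarded account IDs, and shows the matching remediation through revoke_snapshot_access(). The sample snapshots, the onboarded-account set and the dry-run client are constructed for illustration.

```python
# Constructed sample: two snapshots in the shape boto3's
# redshift.describe_cluster_snapshots() returns under "Snapshots".
SAMPLE_SNAPSHOTS = [
    {"SnapshotIdentifier": "prod-dw-2024-01-01", "ClusterIdentifier": "prod-dw",
     "AccountsWithRestoreAccess": [{"AccountId": "111111111111"},
                                   {"AccountId": "999999999999"}]},
    {"SnapshotIdentifier": "analytics-manual", "ClusterIdentifier": "analytics",
     "AccountsWithRestoreAccess": []},
]

# Constructed set of AWS account IDs that are onboarded to Datadog.
ONBOARDED_ACCOUNTS = {"111111111111", "222222222222"}


def external_restore_accounts(snapshot, onboarded):
    """Account IDs with restore access that are not onboarded (empty = pass)."""
    shared_with = snapshot.get("AccountsWithRestoreAccess") or []
    return sorted(e["AccountId"] for e in shared_with
                  if e.get("AccountId") not in onboarded)


def evaluate(snapshots, onboarded):
    """Map each failing snapshot identifier to the external accounts it is shared with."""
    findings = {}
    for snap in snapshots:
        external = external_restore_accounts(snap, onboarded)
        if external:
            findings[snap["SnapshotIdentifier"]] = external
    return findings


class DryRunRedshiftClient:
    """Constructed stand-in for a boto3 Redshift client; only records revoke calls."""
    def __init__(self):
        self.calls = []

    def revoke_snapshot_access(self, **kwargs):
        self.calls.append(kwargs)


def revoke_external_access(client, snapshot, onboarded):
    """Remediate one snapshot: revoke restore access for each external account."""
    revoked = []
    for account_id in external_restore_accounts(snapshot, onboarded):
        client.revoke_snapshot_access(  # real boto3 Redshift client call
            SnapshotIdentifier=snapshot["SnapshotIdentifier"],
            SnapshotClusterIdentifier=snapshot["ClusterIdentifier"],
            AccountWithRestoreAccess=account_id,
        )
        revoked.append(account_id)
    return revoked
```

Pass a real `boto3.client("redshift")` in place of `DryRunRedshiftClient` to apply the revocation; the dry-run client lets you review which accounts would be removed first.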