VIEW RULE IN DATADOG VIEW SIGNALS

Description

This rule evaluates whether Amazon Redshift Serverless snapshots are shared with external AWS accounts that are not onboarded to Datadog. Redshift Serverless snapshots contain complete copies of data warehouse clusters, including all data, configurations, and potentially sensitive information. Sharing snapshots with unauthorized external accounts can lead to data exposure and security risks.

The data contained in the accounts_with_restore_access and accounts_with_provisioned_restore_access fields are enumerated to identify which AWS accounts have access to restore from the snapshot.

The control fails if any account present is not onboarded to Datadog.

Note: If the Redshift Serverless snapshot is shared with a trusted third-party AWS account that you cannot onboard to Datadog, mute the finding and leave a comment documenting the justification.

Remediation

To remove external account sharing permissions from Amazon Redshift Serverless snapshots, follow the steps outlined in the Sharing a snapshot or removing snapshot permissions section of the Amazon Redshift Management Guide. For guidance regarding onboarding AWS accounts to Datadog, follow the Datadog AWS integration documentation to onboard the account. Ensure that resource collection and Cloud Security are correctly configured.