Redshift clusters should enforce encryption in transit

Description

This control verifies whether Amazon Redshift cluster connections require encryption during transit. The parameter require_ssl must be set to True.

Using TLS helps protect against potential attacks, such as person-in-the-middle attempts, by securing network traffic from being intercepted or altered. Only TLS-encrypted connections should be permitted. Keep in mind that encrypting data in transit may impact performance. Datadog recommends testing your application with TLS enabled to evaluate its performance and understand the potential effects.
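
The following sketch shows one way to evaluate this condition yourself from the Redshift DescribeClusters and DescribeClusterParameters responses. It is an added example, not Datadog's rule logic. The cluster and group names are constructed, and the separate PENDING result for a value that is set but not yet applied is an assumption of the example.

```python
# Added example. Input dicts mirror the Redshift DescribeClusters and
# DescribeClusterParameters response shapes; sample values are constructed.

def require_ssl_enabled(parameters):
    """True only if the group's require_ssl parameter is 'true'."""
    for p in parameters:
        if p.get("ParameterName") == "require_ssl":
            return str(p.get("ParameterValue", "")).strip().lower() == "true"
    return False  # parameter missing from the group: not enforced

def evaluate_cluster(cluster, params_by_group):
    """Return 'PASS', 'PENDING' or 'FAIL' for one cluster description."""
    groups = cluster.get("ClusterParameterGroups", [])
    if not groups:
        return "FAIL"
    status = "PASS"
    for g in groups:
        if not require_ssl_enabled(params_by_group.get(g["ParameterGroupName"], [])):
            return "FAIL"
        # Assumption of this example: a value that is set but not yet
        # applied to the cluster is reported separately from a pass.
        if g.get("ParameterApplyStatus") != "in-sync":
            status = "PENDING"
    return status

def audit(redshift):
    """redshift: a boto3 Redshift client. Returns {cluster_id: status}."""
    results = {}
    for page in redshift.get_paginator("describe_clusters").paginate():
        for cluster in page["Clusters"]:
            params = {}
            for g in cluster.get("ClusterParameterGroups", []):
                name = g["ParameterGroupName"]
                pager = redshift.get_paginator("describe_cluster_parameters")
                pages = pager.paginate(ParameterGroupName=name)
                params[name] = [p for pg in pages for p in pg["Parameters"]]
            results[cluster["ClusterIdentifier"]] = evaluate_cluster(cluster, params)
    return results

# Constructed sample data (hypothetical cluster and parameter group names).
SAMPLE_PARAMS = {
    "tls-required": [{"ParameterName": "require_ssl", "ParameterValue": "true"}],
    "legacy": [{"ParameterName": "require_ssl", "ParameterValue": "false"}],
}
def _cluster(cid, group, apply_status):
    return {"ClusterIdentifier": cid, "ClusterParameterGroups": [
        {"ParameterGroupName": group, "ParameterApplyStatus": apply_status}]}
SAMPLE_CLUSTERS = [_cluster("analytics", "tls-required", "in-sync"),
                   _cluster("staging", "tls-required", "pending-reboot"),
                   _cluster("reports", "legacy", "in-sync")]
```

With AWS credentials configured, `audit(boto3.client("redshift"))` runs the same evaluation against the clusters in the client's Region.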

Remediation

For guidance on configuring Redshift parameters, please refer to the Modifying a parameter group section of the Amazon Redshift Management Guide.