Redshift clusters should be encrypted with a customer-managed KMS key

Docs > Datadog Security > OOTB Rules > Redshift clusters should be encrypted with a customer-managed KMS key

Description

Redshift clusters should be encrypted using a customer-managed KMS key rather than the default AWS-managed key. Customer-managed keys provide full control over key rotation policies, access permissions via KMS key policies, and the ability to revoke or disable the key.

Remediation

Modify the cluster to use a customer-managed KMS key for encryption. For guidance, refer to Amazon Redshift database encryption.