Skip to content

Redshift does not use SSL

Description

This policy identifies Redshift databases in which data connection to and from is occurring on an insecure channel. SSL connections ensures the security of the data in transit.

Fix - Runtime

AWS Console

  1. Login to the AWS and navigate to the Amazon Redshift service.
  2. Expand the identified Redshift cluster and make a note of the Cluster Parameter Group
  3. In the navigation panel, click on the Parameter group.
  4. Select the identified Parameter Group and click on Edit Parameters.
  5. Review the require_ssl flag. Update the parameter require_ssl to true and save it.
    Note: If the current parameter group is a Default parameter group, it cannot be edited. You will need to create a new parameter group and point it to an affected cluster.

Fix - Buildtime

Terraform

  • Resource: aws_redshift_parameter_group
  • Argument: parameter.require_ssl

```go aws_s3_bucket.test.tf resource "aws_redshift_parameter_group" "pass" { ... parameter { name = "require_ssl" value = "true" } }


## CloudFormation

- **Resource**: AWS::Redshift::ClusterParameterGroup
- **Argument**:  Properties.Parameters

```yaml
Type: AWS::Redshift::ClusterParameterGroup
    Properties:
      ...
      Parameters:
+       - ParameterName: "require_ssl"
+         ParameterValue: "true"