
# AWS Redshift cluster not encrypted

## Description

We recommend that all data stored in a Redshift cluster be encrypted at rest. You can create new clusters with encryption enabled or enable KMS customer managed key (CMK) encryption on existing clusters; as AWS puts it, "You can enable encryption when you launch your cluster, or you can modify an unencrypted cluster to use AWS Key Management Service (AWS KMS) encryption".
https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-db-encryption.html

## Fix - Buildtime

## Terraform

- **Resource:** aws_redshift_cluster
- **Argument:** `encrypted`; set this argument to `true` so that the cluster's data is encrypted at rest.

This change may recreate your cluster.

```hcl
# aws_redshift_cluster.redshift.tf
resource "aws_redshift_cluster" "redshift" {
  ...
  cluster_identifier = "shifty"
+ encrypted          = true
  kms_key_id         = var.kms_key_id
  ...
}
```

## CloudFormation 

- **Resource:** AWS::Redshift::Cluster
- **Argument:** Properties.Encrypted

```yaml
Type: "AWS::Redshift::Cluster"
Properties:
  ...
+ Encrypted: true
```
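The rule above, applied as a build-time check, as an added example that is not part of this policy page: the Python below flags `aws_redshift_cluster` resources in a Terraform plan (the JSON from `terraform show -json`) and `AWS::Redshift::Cluster` resources in a parsed CloudFormation template whose encryption argument is not literally `true`. Both sample inputs are constructed for illustration; the KMS key ARN is a placeholder, and only the Terraform root module is walked.

```python
from __future__ import annotations
import json
from typing import Any

# Constructed sample of `terraform show -json tfplan` output, trimmed to the fields used.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {"resources": [
  {"address": "aws_redshift_cluster.shifty", "type": "aws_redshift_cluster",
   "values": {"cluster_identifier": "shifty", "encrypted": false}},
  {"address": "aws_redshift_cluster.secure", "type": "aws_redshift_cluster",
   "values": {"cluster_identifier": "secure", "encrypted": true,
              "kms_key_id": "arn:aws:kms:PLACEHOLDER"}}
]}}}
""")

# Constructed CloudFormation template as PyYAML would parse it (Encrypted: true -> True).
SAMPLE_TEMPLATE: dict[str, Any] = {
    "Resources": {
        "Shifty": {"Type": "AWS::Redshift::Cluster",
                   "Properties": {"ClusterType": "single-node"}},
        "Secure": {"Type": "AWS::Redshift::Cluster",
                   "Properties": {"ClusterType": "single-node", "Encrypted": True}},
        "Bucket": {"Type": "AWS::S3::Bucket"},
    }
}

def _is_true(value: Any) -> bool:
    # Accept a real boolean or the string form templates often use. Anything else
    # (absent, false, or an unresolved intrinsic such as {"Ref": ...}) fails the check,
    # because Redshift clusters are unencrypted unless this is explicitly enabled.
    return value is True or (isinstance(value, str) and value.lower() == "true")

def tf_plan_findings(plan: dict[str, Any]) -> list[str]:
    """Addresses of planned aws_redshift_cluster resources whose `encrypted` is not true."""
    resources = plan.get("planned_values", {}).get("root_module", {}).get("resources", [])
    return [r["address"] for r in resources
            if r.get("type") == "aws_redshift_cluster"
            and not _is_true(r.get("values", {}).get("encrypted"))]

def cfn_findings(template: dict[str, Any]) -> list[str]:
    """Logical IDs of AWS::Redshift::Cluster resources lacking Properties.Encrypted: true."""
    return [name for name, res in template.get("Resources", {}).items()
            if res.get("Type") == "AWS::Redshift::Cluster"
            and not _is_true((res.get("Properties") or {}).get("Encrypted"))]

if __name__ == "__main__":
    print("Terraform:", tf_plan_findings(SAMPLE_PLAN))       # ['aws_redshift_cluster.shifty']
    print("CloudFormation:", cfn_findings(SAMPLE_TEMPLATE))  # ['Shifty']
```

Run it against real input by loading `terraform show -json tfplan` output into `tf_plan_findings` and a `yaml.safe_load`ed template into `cfn_findings`; a non-empty list is a failed check for that resource.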