Redshift cluster ‘Publicly Accessible’ should not be enabled

Description

Publicly accessible Redshift clusters allow any AWS user or anonymous user access to the data in the database. Redshift clusters should not be publicly accessible.

Remediation Steps

AWS Console

  • Navigate to Redshift.

  • In the left navigation, select Clusters.

  • Select the desired Redshift Cluster to modify.

  • Select Properties in the top navigation and scroll down to the Network and security section.

  • In Publicly accessible, select Edit.

  • Select No and click Confirm.

AWS CLI

  • Change Publicly Accessible from Yes to No for your Redshift Cluster by running aws redshift modify-cluster with the following options:

    • --cluster-identifier <value>

    • --no-publicly-accessible
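
To find which clusters need this change, the check below is an added example, not part of the original page. It reads JSON shaped like the output of aws redshift describe-clusters, flags every cluster whose PubliclyAccessible field is true, and builds the matching modify-cluster call with the two options listed above. The sample JSON, cluster names and endpoints are constructed, and the function names are hypothetical.

```python
import json
import shlex

# Constructed sample shaped like `aws redshift describe-clusters` output.
# Cluster names and endpoint addresses are made up for this example.
SAMPLE_DESCRIBE_CLUSTERS = """
{
  "Clusters": [
    {"ClusterIdentifier": "analytics-prod", "PubliclyAccessible": true,
     "Endpoint": {"Address": "analytics-prod.example.us-east-1.redshift.amazonaws.com",
                  "Port": 5439}},
    {"ClusterIdentifier": "reporting-internal", "PubliclyAccessible": false,
     "Endpoint": {"Address": "reporting-internal.example.us-east-1.redshift.amazonaws.com",
                  "Port": 5439}},
    {"ClusterIdentifier": "etl-staging", "PubliclyAccessible": true}
  ]
}
"""


def find_public_clusters(describe_output: str) -> list:
    """Return one finding per cluster whose PubliclyAccessible flag is true."""
    findings = []
    for cluster in json.loads(describe_output).get("Clusters", []):
        # Only an explicit true is flagged; a missing flag is not reported.
        if cluster.get("PubliclyAccessible") is True:
            # Endpoint can be absent, e.g. while a cluster is still being created.
            endpoint = cluster.get("Endpoint") or {}
            findings.append({
                "cluster": cluster["ClusterIdentifier"],
                "endpoint": endpoint.get("Address"),
                "port": endpoint.get("Port"),
            })
    return findings


def remediation_command(cluster_id: str) -> str:
    """Build the CLI call that sets Publicly Accessible to No for one cluster."""
    return ("aws redshift modify-cluster --cluster-identifier "
            f"{shlex.quote(cluster_id)} --no-publicly-accessible")


if __name__ == "__main__":
    for finding in find_public_clusters(SAMPLE_DESCRIBE_CLUSTERS):
        print(f"FAIL {finding['cluster']} ({finding['endpoint']}:{finding['port']})")
        print("  fix:", remediation_command(finding["cluster"]))
```
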

Terraform

Example Configuration

resource "aws_redshift_cluster" "valid" {
  publicly_accessible = false
  # other required fields here
}