Enable Enhanced VPC Routing for Redshift Clusters
Verifies that Amazon Redshift clusters use enhanced VPC routing to secure and control traffic flow.
| Rule | Redshift clusters should use enhanced VPC routing |
| Framework | AWS Foundational Security Best Practices |
| Severity | ✔ Medium |
Rule Description:
Redshift clusters should use enhanced VPC routing as per AWS Foundational Security Best Practices. Enhanced VPC routing ensures that network traffic between your Redshift cluster and your VPC stays within the Amazon network rather than being routed through the internet.
Troubleshooting Steps:
If enhanced VPC routing is not enabled for your Redshift cluster, you may face connectivity issues and it may impact the overall security posture.
To troubleshoot:
- 1.Check if enhanced VPC routing is enabled for your Redshift cluster.
- 2.Verify the VPC route tables to ensure that traffic is correctly routed within the VPC.
- 3.Review the Redshift cluster security group settings to allow the necessary network traffic.
Remediation Steps:
To enable enhanced VPC routing for your Redshift cluster, follow these steps:
- 1.Open the Amazon Redshift console.
- 2.In the navigation pane, choose 'Clusters'.
- 3.Select your Redshift cluster for which you want to enable enhanced VPC routing.
- 4.Choose 'Modify'.
- 5.Under the 'Network and security' section, select the 'Enhanced VPC routing' checkbox to enable it.
- 6.Click on 'Modify cluster' to apply the changes.
- 7.Once the modification is completed, verify that enhanced VPC routing is active for your Redshift cluster.
AWS CLI Command:
If you prefer using the AWS CLI, you can enable enhanced VPC routing with the following command:
aws redshift modify-cluster --cluster-identifier <cluster_identifier> --enhanced-vpc-routing
Replace
<cluster_identifier>By following these steps and ensuring that enhanced VPC routing is enabled for your Redshift clusters, you can adhere to AWS best practices for security and optimize network traffic routing within your VPC.