Encrypt Connections to Redshift Clusters in Transit

Ensures that connections to Amazon Redshift clusters are encrypted in transit, protecting data from interception.

Rule: Connections to Amazon Redshift clusters should be encrypted in transit
Framework: AWS Foundational Security Best Practices
Severity: Medium

Description:

All connections to Amazon Redshift clusters should be encrypted in transit to ensure the security and confidentiality of data being transmitted to and from the clusters. Encryption in transit helps protect against unauthorized access and interception of data.

Troubleshooting Steps:

If you encounter issues with encrypting connections to Amazon Redshift clusters, follow these troubleshooting steps:

  1. Verify that the Amazon Redshift cluster is properly configured to require SSL encryption for connections.
  2. Ensure that client applications attempting to connect to the cluster support SSL encryption.
  3. Check for any network configuration issues that may be preventing SSL-encrypted connections.
  4. Verify that the SSL/TLS certificates being used are valid and up to date.

Code:

To enforce SSL encryption for connections to your Amazon Redshift cluster, you can use the following Amazon Redshift parameter group setting:

require_ssl = true

Remediation:

Follow these steps to ensure connections to your Amazon Redshift clusters are encrypted in transit:

  1. Identify the Amazon Redshift cluster that requires SSL encryption for connections.
  2. Modify the cluster's parameter group to set the require_ssl parameter to true.
  3. Reboot the Amazon Redshift cluster for the changes to take effect.
  4. Update any client applications to use SSL-enabled connections when connecting to the cluster.
  5. Monitor the cluster for any connection issues post-encryption implementation.

By following these steps, you can ensure that all connections to your Amazon Redshift clusters are encrypted in transit, in compliance with AWS Foundational Security Best Practices.
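To confirm remediation steps 2 and 3 across many clusters, the added example below (not CloudDefense or AWS code) evaluates the output of the Redshift describe_clusters and describe_cluster_parameters calls: a cluster passes only when its parameter group sets require_ssl to true and the group's apply status is in-sync, meaning the reboot has happened. The cluster names, parameter group names and the status labels PASS, NOT_APPLIED and FAIL are assumptions made for illustration.

```python
def require_ssl_enabled(parameters):
    """True only if the group explicitly sets require_ssl to 'true'."""
    for p in parameters:
        if p.get("ParameterName") == "require_ssl":
            return str(p.get("ParameterValue", "")).lower() == "true"
    return False  # parameter missing: treat as not enforced

def audit(clusters, params_by_group):
    """Return {cluster_id: 'PASS' | 'NOT_APPLIED' | 'FAIL'}."""
    results = {}
    for c in clusters:
        groups = c.get("ClusterParameterGroups", [])
        enforced = bool(groups) and all(
            require_ssl_enabled(params_by_group.get(g["ParameterGroupName"], []))
            for g in groups)
        # Anything other than in-sync (e.g. pending-reboot) is not yet in effect.
        in_sync = all(g.get("ParameterApplyStatus") == "in-sync" for g in groups)
        results[c["ClusterIdentifier"]] = (
            "FAIL" if not enforced else "PASS" if in_sync else "NOT_APPLIED")
    return results

def fetch_live(region):
    """Collect the same inputs from AWS; needs boto3 and read-only credentials."""
    import boto3
    rs = boto3.client("redshift", region_name=region)
    clusters = [c for page in rs.get_paginator("describe_clusters").paginate()
                for c in page["Clusters"]]
    names = {g["ParameterGroupName"] for c in clusters
             for g in c.get("ClusterParameterGroups", [])}
    pager = rs.get_paginator("describe_cluster_parameters")
    params = {n: [p for page in pager.paginate(ParameterGroupName=n)
                  for p in page["Parameters"]] for n in names}
    return clusters, params

SAMPLE_CLUSTERS = [  # constructed (hypothetical names), shaped like describe_clusters
    {"ClusterIdentifier": "analytics-prod", "ClusterParameterGroups": [
        {"ParameterGroupName": "ssl-required", "ParameterApplyStatus": "in-sync"}]},
    {"ClusterIdentifier": "analytics-stage", "ClusterParameterGroups": [
        {"ParameterGroupName": "ssl-required", "ParameterApplyStatus": "pending-reboot"}]},
    {"ClusterIdentifier": "legacy-dw", "ClusterParameterGroups": [
        {"ParameterGroupName": "legacy-params", "ParameterApplyStatus": "in-sync"}]},
]
SAMPLE_PARAMS = {  # constructed, shaped like describe_cluster_parameters output
    "ssl-required": [{"ParameterName": "require_ssl", "ParameterValue": "true"}],
    "legacy-params": [{"ParameterName": "require_ssl", "ParameterValue": "false"}],
}
if __name__ == "__main__":
    for cluster_id, status in audit(SAMPLE_CLUSTERS, SAMPLE_PARAMS).items():
        print(cluster_id, status)
```

Against a real account, pass the two values returned by fetch_live to audit; a NOT_APPLIED result means the parameter is set but the cluster still accepts unencrypted connections until it is rebooted.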
