Free Assessment

Amazon_Redshift_2

Ensure Redshift Cluster is Encrypted

Description

Ensure that your Amazon Redshift clusters are encrypted in order to meet security and compliance requirements. 

Remediation

  1. Login to the AWS Management Console.
  2. Navigate to Redshift dashboard at https://console.aws.amazon.com/redshift/.
  3. In the left navigation panel, under Redshift Dashboard, click Clusters.
  4. Click Launch Cluster button from the dashboard top menu to start the cluster setup process.
  5. On the Cluster Details configuration page, enter a unique name for your new cluster in the Cluster Identifier field and fill out the rest of the fields available on this page with the information taken from your existing (unencrypted) cluster.
  6. Click the Continue button to continue the setup process.
  7. On the Node Configuration page, select the appropriate node type for the new cluster from the Node Type dropdown list and configure the number of nodes used to match the existing (unencrypted) cluster configuration.
  8. Click Continue to carry on with the process.
  9. On the Additional Configuration page, in the first configuration section, select KMS next to Encrypt Database. Choose (default) aws/redshift option from the Master Key dropdown list to encrypt the new cluster using the default master key provided and managed by AWS. The default master key is an AWS-managed key that is created automatically for Redshift clusters within your AWS account. Configure the rest of the options available on the page such as availability zone, VPC security group(s) and associated IAM role in order to reflect the unencrypted cluster configuration.
  10. Click Continue to load the next page.
  11. On the Review page, review the cluster properties, its database details, the security and encryption configuration, then click Launch Cluster to build the new (encrypted) AWS Redshift cluster.
  12. On the confirmation page click Close to return to the Redshift dashboard. Once the Cluster Status value changes to available and the DB Health status changes to healthy, the new cluster can used to load the existing data.
  13. Now unload your data from the unencrypted Redshift cluster and reload it into the newly created cluster using the Amazon Redshift Unload/Copy utility. With this utility tool you can unload (export) your data from the unencrypted cluster (source) to an AWS S3 bucket, encrypt it, then import the data into your new cluster (destination) and clean up the S3 bucket used. All the necessary instructions to install, configure and use the Amazon Redshift Unload/Copy tool can be found at this URL.
  14. As soon as the migration process is completed and all the data is loaded into your new (encrypted) Redshift cluster, you can update your application configuration to refer to the new cluster endpoint:
  15. Once the Redshift cluster endpoint is changed within your application configuration, you can remove the unencrypted cluster from your AWS account by performing the following actions:
  16. In the navigation panel, under Redshift Dashboard, click Clusters 
               a) Choose the Redshift cluster that you want to remove then click on its identifier link listed in the Cluster column.
               b) On the selected cluster Configuration tab, click the Cluster dropdown button from the dashboard main menu then select Delete from the dropdown list: .
               c) Inside the Delete Cluster dialog box, enter a unique name for the final snapshot in the Snapshot name box then click Delete to confirm the action. Once the snapshot is created the unencrypted                       cluster removal process begins.

Service

Redshift

Severity

High

Compliance

Mapping

Want to Know More?

Learn how our partners are managing their cloud security and compliance with Cloudlytics.

I hereby accept the GDPR and Privacy Policy, by subscribing to the newsletters.

Cloudlytics

Solutions

Resources

Company

Legal

Facebook Twitter Linkedin Youtube
Start Free Trial
Login

CLOSE

We are now live on AWS Marketplace.
The integrated view of your cloud infrastructure is now easier than ever!

Learn More