Description:

Amazon Redshift is a fully managed, petabyte-scale data warehouse service in the cloud. It enables you to use your data to acquire new insights for your business and customers. Launch a set of nodes to create a data warehouse is the first step, this set of nodes is called the Amazon Redshift cluster. This amazon service makes it simple and cost-effective to efficiently analyze all your data using your existing business intelligence tools. This should not be accessible publicly as this may cause security concerns. 


Rationale:

It is recommended that Redshift Cluster should not be publicly accessible to other services and resources in AWS. Public Redshift Cluster means that unauthorized actors could your data which can lead to misuse of the data.


Impact:

If Redshift clusters are not publicly accessible and no public IP address, then over the internet no one can establish a connection to your cluster and it can be reduced the opportunity for malicious activity such as SQL injections or DDoS attacks.


Default Value:

By default, default privileges are applied globally to the entire database. Grant. The set of privileges to grant to the specified users or groups for all new tables, functions, or stored procedures created by the specified user.


Remediation:

Test Plan:

  1. Login to the AWS management console and navigate to the Redshift dashboard at https://console.aws.amazon.com/redshift/.
  2. Click on Clusters in the left navigation panel under Redshift Dashboard
  3. Select the Redshift cluster that you want to audit 
  4. Click on Properties scroll down in Network and security settings panel you see public access is enabled or disabled 
  5. If in case it is enabled then follow the implementation steps. You can also check for all other clusters if you created multiple clusters.

Using AWS CLI: 

  1. Below command gives the list of the identifiers of all Redshift clusters in the selected region
    aws redshift describe-clusters --region us-east-1 

  2. Select the cluster that you audit 
    aws redshift describe-clusters --region ap-south-1 --cluster-identifier redshift-cluster-1 --query 'Clusters[*].PubliclyAccessible'

  3. if publicly accessible is enable it gives true if it is disabled it gives false.


Implementation Steps:

  1. Follow the steps to disable the publicly accessible in Redshift cluster
  2. Login to the AWS management console and navigate to the Redshift dashboard at https://console.aws.amazon.com/redshift/.
  3. Click on Clusters in the left navigation panel under Redshift Dashboard

     
  4. Select any one cluster to modify
  5. Click on the Properties tab

     
  6. Scroll down and go to Network and security settings and click on Edit publicly accessible button if it is enabled 
  7. you can click on Action button and

     
  8. click on Modify publicly accessible setting 
  9. Select disable option and click on Save changes button


    Backout Plan:
    1. Above Implementation Steps for Modifying a Cluster. If you cannot connect to the cluster from the internet or a different network, check the following settings:
    2. Choose the link next to VPC security groups to open the Amazon Elastic compute Cloud (Amazon EC2) console
    3. On the Inbound Rules tab, be sure that your IP address and port of your Amazon Redshift cluster are allowed. 


    References:

    1. Amazon Redshift clusters - Amazon Redshift 

    2. What is Amazon Redshift? - Amazon Redshift 

    3. Amazon Redshift parameter groups - Amazon Redshift 

    4. https://docs.aws.amazon.com/redshift/latest/mgmt/managing-clusters-console.html#modify-cluster