Severity: HIGH
Source: Trivy
ID: AVD-AWS-0127

Redshift cluster should be deployed into a specific VPC

Redshift clusters that are created without subnet details are created in EC2-Classic mode, meaning that they sit outside any known VPC and run in the shared tenant network. To benefit from the additional security features of an owned VPC, the subnet group should be set.

Impact

Follow the appropriate remediation steps below to resolve the issue.

Deploy Redshift cluster into a non-default VPC

Resources:
  GoodCluster:
    Type: AWS::Redshift::Cluster
    Properties:
      ClusterType: single-node   # ClusterType, NodeType, DBName, MasterUsername and
      NodeType: dc2.large        # MasterUserPassword are required by CloudFormation;
      DBName: mydb               # added here so the snippet deploys as written
      MasterUsername: foo
      MasterUserPassword: '{{resolve:secretsmanager:RedshiftMasterSecret:SecretString:password}}'  # placeholder secret name
      ClusterSubnetGroupName: my-subnet-group  # places the cluster in that group's VPC instead of EC2-Classic

Deploy Redshift cluster into a non-default VPC

resource "aws_redshift_cluster" "good_example" {
  cluster_identifier = "tf-redshift-cluster"
  database_name      = "mydb"
  master_username    = "foo"
  master_password    = "Mustbe8characters" # literal kept from the original snippet
  node_type          = "dc1.large"
  cluster_type       = "single-node"

  # Names an existing Redshift subnet group; leaving this unset is what AVD-AWS-0127 flags
  cluster_subnet_group_name = "redshift_subnet"
}
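Both snippets above name a subnet group but do not show where it comes from. As an added example (not from the AVD page or the Trivy project), this is the Terraform wiring from VPC subnets through the subnet group to the cluster; the CIDRs, availability zones, resource names and the master_password variable are assumptions.

```hcl
# Added example: builds the subnet group from private subnets of a VPC you own,
# so the cluster cannot fall back to EC2-Classic. Names and CIDRs are assumptions.

resource "aws_vpc" "redshift" {
  cidr_block = "10.20.0.0/16"
}

resource "aws_subnet" "private_a" {
  vpc_id            = aws_vpc.redshift.id
  cidr_block        = "10.20.1.0/24"
  availability_zone = "us-east-1a"
}

resource "aws_subnet" "private_b" {
  vpc_id            = aws_vpc.redshift.id
  cidr_block        = "10.20.2.0/24"
  availability_zone = "us-east-1b"
}

# The subnet group the page's examples refer to by name; spanning two AZs.
resource "aws_redshift_subnet_group" "redshift_subnet" {
  name       = "redshift-subnet"
  subnet_ids = [aws_subnet.private_a.id, aws_subnet.private_b.id]
}

# VPC-scoped security group; no ingress here, add rules per client CIDR.
resource "aws_security_group" "redshift" {
  name   = "redshift-cluster"
  vpc_id = aws_vpc.redshift.id
}

variable "master_password" {
  type      = string
  sensitive = true # keeps the password out of plan output
}

resource "aws_redshift_cluster" "good_example" {
  cluster_identifier = "tf-redshift-cluster"
  database_name      = "mydb"
  master_username    = "foo"
  master_password    = var.master_password
  node_type          = "dc2.large"
  cluster_type       = "single-node"
  # AVD-AWS-0127: reference the resource rather than a bare string so a
  # missing subnet group fails at plan time instead of at cluster creation.
  cluster_subnet_group_name = aws_redshift_subnet_group.redshift_subnet.name
  vpc_security_group_ids    = [aws_security_group.redshift.id]
  publicly_accessible       = false
}
```

Running `trivy config .` against this directory should report no AVD-AWS-0127 finding, while removing the `cluster_subnet_group_name` line reproduces it.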