Redshift cluster should be deployed into a specific VPC
Redshift clusters that are created without subnet details will be created in EC2 classic mode, meaning that they will be outside of a known VPC and running in tennant.
In order to benefit from the additional security features achieved with using an owned VPC, the subnet should be set.
Impact
Redshift cluster does not benefit from VPC security if it is deployed in EC2 classic mode
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
Deploy Redshift cluster into a non default VPC
1
2
3
4
5
6
7
8
9
AWSTemplateFormatVersion: 2010-09-09
Description: Good example of redshift cluster
Resources:
Queue:
Type: AWS::Redshift::Cluster
Properties:
ClusterSubnetGroupName: "my-subnet-group"