Redshift Publicly Accessible
Ensures Redshift clusters are not launched into the public cloud
Unless there is a specific business requirement, Redshift clusters should not have a public endpoint and should be accessed from within a VPC only.
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
-
Log into the AWS Management Console.
-
Select the “Services” option and search for Redshift.
-
Scroll down the left navigation panel and choose “Clusters”.
-
Select the “Cluster” that needs to be verified and click on its identifier(name) from the “Cluster” column.
-
Scroll down the “Cluster” configuration page and check the “Publicly Accessible” option under the “Cluster Database Properties”. If current status is set to “Yes” then the selected cluster is launched into the public cloud.
-
Repeat steps number 2 - 5 to verify other clusters.
-
Select the “Cluster” on which “Public Accessibility” needs to be disable.Click on its identifier(name)from the “Cluster” column to go into “Cluster” configuration page.
-
Click on the “Cluster” dropdown button at the top menu and click on the “Modify Cluster” option.
-
On the “Modify Cluster” page select the “No” option next to “Publicly accessible” under “Cluster Settings”. Click on the “Modify” button to make the necessary changes.
-
Repeat steps number 7 - 9 to disable “Public Accessibility” for other clusters.