Best practice rules for Amazon Redshift
Amazon Redshift is a fully managed, fast, petabyte-scale data warehouse service that is cost-effective and provides a simple way to efficiently analyze your data using your existing business intelligence tools. Amazon Redshift costs less than a tenth of most traditional data warehousing solutions and is optimised for datasets ranging from a few hundred gigabytes to petabytes.
Trend Micro Cloud One™ – Conformity monitors Amazon Redshift with the following rules:
- Configure Preferred Maintenance Window
Ensure there is a preferred maintenance window configured for your Amazon Redshift clusters.
- Deferred Maintenance
Enable Deferred Maintenance for Redshift Clusters.
- Enable Cluster Relocation
Ensure that relocation is enabled and configured for your Amazon Redshift clusters.
- Enable Cross-Region Snapshots
Ensure that cross-region snapshots are enabled for your Amazon Redshift clusters.
- Enable Enhanced VPC Routing
Ensure that Enhanced VPC Routing is enabled for your Amazon Redshift clusters.
- Enable Redshift User Activity Logging
Ensure that user activity logging is enabled for your Amazon Redshift clusters.
- Idle Redshift Cluster
Identify idle AWS Redshift clusters and terminate them in order to optimize AWS costs.
- Redshift Automated Snapshot Retention Period
Ensure that a retention period is enabled for Amazon Redshift automated snapshots.
- Redshift Cluster Allow Version Upgrade
Ensure Version Upgrade is enabled for Redshift clusters to automatically receive upgrades during the maintenance window.
- Redshift Cluster Audit Logging Enabled
Ensure audit logging is enabled for Redshift clusters for security and troubleshooting purposes.
- Redshift Cluster Default Master Username
Ensure AWS Redshift database clusters are not using "awsuser" (default master user name) for database access.
- Redshift Cluster Default Port
Ensure Amazon Redshift clusters are not using port 5439 (default port) for database access.
- Redshift Cluster Encrypted
Ensure database encryption is enabled for AWS Redshift clusters to protect your data at rest.
- Redshift Cluster Encrypted With KMS Customer Master Keys
Ensure Redshift clusters are encrypted with KMS customer master keys (CMKs) in order to have full control over data encryption and decryption.
- Redshift Cluster In VPC
Ensure Redshift clusters are launched in VPC.
- Redshift Cluster Publicly Accessible
Ensure Redshift clusters are not publicly accessible to minimise security risks.
- Redshift Desired Node Type
Ensure that your AWS Redshift cluster nodes are of the given types.
- Redshift Disk Space Usage
Identify AWS Redshift clusters with high disk usage and scale them to increase their storage capacity.
- Redshift Instance Generation
Ensure Redshift clusters are using the latest generation of nodes for performance improvements.
- Redshift Nodes Counts
Ensure that your AWS account has not reached the limit set for the number of Redshift cluster nodes.
- Redshift Parameter Group Require SSL
Ensure AWS Redshift non-default parameter groups require SSL to secure data in transit.
- Redshift Reserved Node Coverage
Ensure that your Amazon Redshift usage is covered by RI reservations in order to optimize costs.
- Redshift Reserved Node Lease Expiration In The Next 30 Days
Ensure Amazon Redshift Reserved Nodes (RN) are renewed before expiration.
- Redshift Reserved Node Lease Expiration In The Next 7 Days
Ensure Amazon Redshift Reserved Nodes (RN) are renewed before expiration.
- Redshift Reserved Node Payment Failed
Ensure that none of your AWS Redshift Reserved Node purchases have failed.
- Redshift Reserved Node Payment Pending
Ensure that none of your AWS Redshift Reserved Node (RN) purchases are pending.
- Redshift Reserved Node Recent Purchases
Ensure Redshift Reserved Node purchases are regularly reviewed for cost optimization (informational).
- Sufficient Cross-Region Snapshot Retention Period
Ensure that Redshift clusters have a sufficient retention period configured for cross-region snapshots.
- Underutilized Redshift Cluster
Identify underutilized Redshift clusters and downsize them in order to optimize AWS costs.
- Unused Redshift Reserved Nodes
Ensure that your Amazon Redshift Reserved Nodes are being utilized.