AWS Redshift Best Practices

Best practice rules for Amazon Redshift

Trend Micro Cloud One™ – Conformity monitors Amazon Redshift with the following rules:

• Configure Preferred Maintenance Window

  Ensure there is a preferred maintenance window configured for your Amazon Redshift clusters.

• Deferred Maintenance

  Enable Deferred Maintenance for Redshift Clusters.

• Enable Cluster Relocation

  Ensure that relocation is enabled and configured for your Amazon Redshift clusters.

• Enable Cross-Region Snapshots

  Ensure that cross-region snapshots are enabled for your Amazon Redshift clusters.

• Enable Enhanced VPC Routing

  Ensure that Enhanced VPC Routing is enabled for your Amazon Redshift clusters.

• Enable Redshift User Activity Logging

  Ensure that user activity logging is enabled for your Amazon Redshift clusters.

• Idle Redshift Cluster

  Identify idle AWS Redshift clusters and terminate them in order to optimize AWS costs.

• Redshift Automated Snapshot Retention Period

  Ensure that retention period is enabled for Amazon Redshift automated snapshots.

• Redshift Cluster Allow Version Upgrade

  Ensure Version Upgrade is enabled for Redshift clusters to automatically receive upgrades during the maintenance window.

• Redshift Cluster Audit Logging Enabled

  Ensure audit logging is enabled for Redshift clusters for security and troubleshooting purposes.

• Redshift Cluster Default Master Username

  Ensure AWS Redshift database clusters are not using "awsuser" (default master user name) for database access.

• Redshift Cluster Default Port

  Ensure Amazon Redshift clusters are not using port 5439 (default port) for database access.

• Redshift Cluster Encrypted

  Ensure database encryption is enabled for AWS Redshift clusters to protect your data at rest.

• Redshift Cluster Encrypted With KMS Customer Master Keys

  Ensure Redshift clusters are encrypted with KMS customer master keys (CMKs) in order to have full control over data encryption and decryption.

• Redshift Cluster In VPC

  Ensure Redshift clusters are launched in VPC.

• Redshift Cluster Publicly Accessible

  Ensure Redshift clusters are not publicly accessible to minimise security risks.

• Redshift Desired Node Type

  Ensure that your AWS Redshift cluster nodes are of given types.

• Redshift Disk Space Usage

  Identify AWS Redshift clusters with high disk usage and scale them to increase their storage capacity.

• Redshift Instance Generation

  Ensure Redshift clusters are using the latest generation of nodes for performance improvements.

• Redshift Nodes Counts

  Ensure that your AWS account has not reached the limit set for the number of Redshift cluster nodes.

• Redshift Parameter Group Require SSL

  Ensure AWS Redshift non-default parameter groups require SSL to secure data in transit.

• Redshift Reserved Node Coverage

  Ensure that your Amazon Redshift usage is covered by RI reservations in order to optimize costs.

• Redshift Reserved Node Lease Expiration In The Next 30 Days

  Ensure Amazon Redshift Reserved Nodes (RN) are renewed before expiration.

• Redshift Reserved Node Lease Expiration In The Next 7 Days

  Ensure Amazon Redshift Reserved Nodes (RN) are renewed before expiration.

• Redshift Reserved Node Payment Failed

  Ensure that none of your AWS Redshift Reserved Node purchases have been failed.

• Redshift Reserved Node Payment Pending

  Ensure that none of your AWS Redshift Reserved Node (RN) purchases are pending.

• Redshift Reserved Node Recent Purchases

  Ensure Redshift Reserved Node purchases are regularly reviewed for cost optimization (informational).

• Sufficient Cross-Region Snapshot Retention Period

  Ensure that Redshift clusters have a sufficient retention period configured for cross-region snapshots.

• Underutilized Redshift Cluster

  Identify underutilized Redshift clusters and downsize them in order to optimize AWS costs.

• Unused Redshift Reserved Nodes

  Ensure that your Amazon Redshift Reserved Nodes are being utilized.