Ensure Version Upgrade is enabled for Redshift clusters to automatically receive upgrades during the maintenance window.
This rule can help you with the following compliance standards:
- PCI
- APRA
- MAS
- NIST4
For further details on compliance standards supported by Conformity, see here.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
With the Allow Version Upgrade feature enabled, Amazon Redshift engine upgrades (also known as major version upgrades) occur automatically, so the data warehouse service engine gets the newest features, bug fixes and the latest security patches as they are released.
Audit
To determine if your AWS Redshift clusters are receiving automatic engine version upgrades, perform the following:
Remediation / Resolution
To update your AWS Redshift clusters configuration in order to enable engine (major) version upgrades, perform the following:
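One way to run both the audit and the remediation from the AWS CLI, as an added example that is not Conformity's own procedure. It uses the `describe-clusters` and `modify-cluster` commands listed in the references; the function names and the region argument are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not Conformity's procedure. Function names are hypothetical.
# Assumes the AWS CLI is installed with credentials allowed to call
# redshift:DescribeClusters and redshift:ModifyCluster.

# Audit: print one identifier per line for every cluster in region $1
# whose AllowVersionUpgrade flag is false.
noncompliant_clusters() {
  local region="$1" out
  # Fail loudly: an API error must not look like "no findings".
  out=$(aws redshift describe-clusters --region "$region" \
    --query 'Clusters[?AllowVersionUpgrade==`false`].ClusterIdentifier' \
    --output text) || return 1
  printf '%s\n' "$out" | tr '\t' '\n' | sed -e '/^$/d' -e '/^None$/d'
}

# Remediation: enable the flag on cluster $2 in region $1, then re-read it.
enable_version_upgrade() {
  local region="$1" cluster="$2" state
  aws redshift modify-cluster --region "$region" \
    --cluster-identifier "$cluster" \
    --allow-version-upgrade >/dev/null || return 1
  state=$(aws redshift describe-clusters --region "$region" \
    --cluster-identifier "$cluster" \
    --query 'Clusters[0].AllowVersionUpgrade' --output text) || return 1
  # Text output renders the boolean as True/False; compare case-insensitively.
  [ "$(printf '%s' "$state" | tr 'A-Z' 'a-z')" = "true" ]
}

# Audit a region and fix every finding. Returns 0 only if all were fixed.
remediate_region() {
  local region="$1" clusters cluster failed=0
  clusters=$(noncompliant_clusters "$region") || return 2
  # Cluster identifiers contain no whitespace, so word splitting is safe.
  for cluster in $clusters; do
    if enable_version_upgrade "$region" "$cluster"; then
      echo "FIXED $region/$cluster"
    else
      echo "FAILED $region/$cluster" >&2
      failed=1
    fi
  done
  return "$failed"
}

# Usage: noncompliant_clusters us-east-1   (audit only)
#        remediate_region us-east-1        (audit and fix)
```

Redshift clusters are regional, so repeat the call for each region in use.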
Note: Enabling Allow Version Upgrade for Amazon Redshift clusters using the AWS Management Console is not currently supported; the feature can be configured only through the AWS Command Line Interface (CLI).
References
- AWS Documentation
- Amazon Redshift FAQs
- Amazon Redshift Clusters
- Managing Clusters Using the Console
- Manage Clusters Using the Amazon Redshift CLI and API
- AWS Command Line Interface (CLI) Documentation
- redshift
- describe-clusters
- modify-cluster