Ensure that your Amazon Redshift clusters are encrypted in order to meet security and compliance requirements. Encryption and decryption of Redshift cluster data is handled transparently by AWS and does not require any additional action from you or your application.
This rule can help you with the following compliance standards:
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Cloud Conformity strongly recommends implementing encryption when dealing with Redshift clusters that contain sensitive data. Though encryption is an optional, immutable setting within AWS Redshift configuration, you should enable it in order to protect your data from unauthorized access and fulfill compliance requirements for data-at-rest encryption.
To determine the encryption status of your Amazon Redshift clusters, perform the following:
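One way to run this check offline, as an added example that is not Conformity's own procedure: the script reads responses shaped like the JSON output of `aws redshift describe-clusters` and evaluates each cluster's `Encrypted` field. The sample data, cluster names, key ARN and function names are constructed for illustration.

```python
import json

# Constructed sample: per-region pages shaped like the JSON output of
# `aws redshift describe-clusters`. Names and the key ARN are placeholders.
SAMPLE_PAGES = {
    "us-east-1": json.loads("""{"Clusters": [
        {"ClusterIdentifier": "analytics-prod", "ClusterStatus": "available",
         "Encrypted": true,
         "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
        {"ClusterIdentifier": "reporting-legacy", "ClusterStatus": "available",
         "Encrypted": false}
    ]}"""),
    "eu-west-1": json.loads("""{"Clusters": [
        {"ClusterIdentifier": "staging-dw", "ClusterStatus": "creating"}
    ]}"""),
}


def audit_encryption(pages_by_region):
    """Return one finding per cluster; anything not explicitly encrypted fails."""
    findings = []
    for region, page in sorted(pages_by_region.items()):
        for cluster in page.get("Clusters", []):
            encrypted = cluster.get("Encrypted")
            if encrypted is True:
                result = "PASS"
            elif encrypted is False:
                result = "FAIL"
            else:
                # Field absent or malformed: do not assume the cluster is safe.
                result = "UNKNOWN"
            findings.append({
                "region": region,
                "cluster": cluster.get("ClusterIdentifier", "<missing>"),
                "status": cluster.get("ClusterStatus", "<missing>"),
                "result": result,
                "kms_key": cluster.get("KmsKeyId"),
            })
    return findings


def non_compliant(findings):
    """Clusters that need the unload/reload remediation or a manual look."""
    return [f for f in findings if f["result"] != "PASS"]


if __name__ == "__main__":
    for f in audit_encryption(SAMPLE_PAGES):
        print(f'{f["result"]:8}{f["region"]:12}{f["cluster"]:20}{f["kms_key"] or "-"}')
```

To use it against a real account, save the CLI's JSON output for each region and pass the parsed documents in place of `SAMPLE_PAGES`.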
Remediation / Resolution
To encrypt an existing Redshift cluster you must unload its data to Amazon S3, then load that data into a new cluster created with the chosen encryption settings, which give you the ability to choose the encryption key. There are two types of encryption keys: the default KMS key, which is managed by AWS, and the KMS Customer Managed Key (CMK), which is managed by the customer (you). The encryption key type used in this rule is default KMS (AWS-managed key). To set up the new Redshift cluster, enable encryption, and move your existing cluster data to it, perform the following:
You are auditing:
Redshift Cluster Encrypted
Risk level: High