Redshift Clusters Should Not Use Default Port
More Info:
Amazon Redshift clusters should not be using port 5439 (default port) for database access.Risk Level
InformationalAddress
SecurityCompliance Standards
PCIDSSTriage and Remediation
Remediation
Using Console
Using Console
To remediate the misconfiguration of Redshift clusters using default port in AWS, follow these steps using the AWS Management Console:
- Login to AWS Console: Go to the AWS Management Console (https://aws.amazon.com/) and log in to your account.
- Navigate to Amazon Redshift: Click on the “Services” dropdown menu at the top left corner, then select “Redshift” under the “Analytics” section.
- Select the Redshift Cluster: From the list of Redshift clusters, select the cluster that is using the default port that you want to change.
- Modify the Cluster: In the cluster details page, click on the “Cluster” menu on the left side, then click on the “Modify” button at the top.
- Change the Port: Scroll down to the “Network and security” section, locate the “Cluster port” field, and change the port number from the default port (5439) to a custom port of your choice. Make sure the new port is not being used by any other service.
- Apply Changes: After changing the port number, scroll down to the bottom of the page and click on the “Modify cluster” button to apply the changes.
- Monitor the Modification: The modification process may take a few minutes to complete. You can monitor the progress on the cluster details page.
- Verify the Port Change: Once the modification is completed, you can verify that the Redshift cluster is now using the custom port by checking the cluster details.
Using CLI
Using CLI
To remediate the misconfiguration of Redshift clusters using the default port in AWS, you can follow these steps using the AWS CLI:Step 1: List the existing Redshift clusters to identify the clusters using the default port (5439) by running the following command:Step 2: Identify the Redshift cluster for which you want to update the port and make a note of the Cluster Identifier.Step 3: Modify the cluster to change the port using the Step 4: Verify the port change by describing the cluster again and checking if the port has been updated successfully:By following these steps, you can remediate the misconfiguration of Redshift clusters using the default port in AWS Redshift using the AWS CLI.
modify-cluster command. Replace <cluster-identifier> with the actual Cluster Identifier and <new-port> with the desired port number (e.g., 5432) by running the following command:Using Python
Using Python
To remediate the misconfiguration of Redshift clusters using the default port in AWS, you can use the AWS SDK for Python (Boto3) to update the cluster’s port to a non-default value. Here are the step-by-step instructions to remediate this misconfiguration:
-
Install Boto3:
If you haven’t already installed the Boto3 library, you can install it using pip:
-
Update Redshift Cluster Port:
Use the following Python script to update the port for your Redshift cluster. Replace
<cluster_id>with the ID of your Redshift cluster and<new_port>with the desired non-default port value: -
Run the Python Script:
Save the above script in a file (e.g.,
update_redshift_port.py) and run it using Python: - Verify the Port Update: You can verify that the port for your Redshift cluster has been updated successfully by checking the cluster details in the AWS Management Console or by running describe-cluster CLI command.