Redshift Cluster Should Not Be Publicly Accessible
More Info:
Amazon Redshift clusters should not be publicly accessible. A cluster created with the "publicly accessible" attribute enabled is given a public IP address, so its endpoint (port 5439 by default) can be reached from the internet; the only thing then standing between an attacker and the data warehouse is the database password and whatever inbound rules the cluster's security groups happen to allow. Keeping clusters private confines access to the VPC and to networks you explicitly connect to it.
Risk Level
High
Address
Security
Compliance Standards
HIPAA, NIST, PCIDSS, HITRUST, SOC2, GDPR, NISTCSF, FedRAMP
Triage and Remediation
Remediation
To remediate a publicly accessible Amazon Redshift cluster using the AWS Management Console, follow these steps. Before you start, identify any clients that currently connect through the public endpoint (BI tools, partner integrations, analysts' workstations) and move them to private connectivity such as a VPN, AWS Direct Connect or a bastion host inside the VPC; otherwise the change below will cut them off.
- Log in to the AWS Console: Go to the AWS Management Console (https://aws.amazon.com/) and sign in with your credentials.
- Navigate to Amazon Redshift: From the console, open the Amazon Redshift service.
- Select the Redshift cluster: In the Amazon Redshift dashboard, select the cluster that is publicly accessible.
- Open the cluster details: Click the cluster name to view its details.
- Modify cluster settings: On the cluster details page, click "Modify" to change the cluster settings.
- Disable public access: In the Network and security section, set "Publicly accessible" to "No". This is the setting that removes the cluster's public IP address; tightening security groups alone does not change it.
- Review the VPC security groups: In the same section, locate the "VPC security groups" assigned to the cluster.
- Remove public ingress rules: Edit each of those security groups and delete inbound rules on the cluster port (5439 by default) whose source is 0.0.0.0/0, ::/0 or any other network you do not trust. Allow only the application subnets or security groups that genuinely need to reach the cluster.
- Save changes: Click "Save" to apply the changes. The cluster enters the modifying state while the change is applied.
- Verify changes: Once the cluster is available again, confirm that its "Publicly accessible" property reads "No", and check that the endpoint cannot be reached from outside your VPC or trusted networks (for example, a connection attempt on port 5439 from the internet should time out rather than reach a login prompt).
By following these steps, you remove the public IP from the Redshift cluster and close the security-group path that allowed internet traffic to it.
To remediate a publicly accessible Amazon Redshift cluster using the AWS CLI, follow these steps (run them in every region where you operate Redshift):
Step 1: List the Redshift clusters in your account so you can find the ones that are publicly accessible.
aws redshift describe-clusters
Step 2: In the output, inspect the PubliclyAccessible field of each cluster description; a value of true marks a cluster that has a public IP and needs to be fixed.
Step 3: Modify the cluster. The --no-publicly-accessible flag is what actually removes the public IP. The --vpc-security-group-ids option is optional and replaces the cluster's current security groups with the ones you list, so pass only groups whose inbound rules on the cluster port are restricted to trusted sources. Replace your-cluster-identifier and your-security-group-id with the actual values for your cluster.
aws redshift modify-cluster --cluster-identifier your-cluster-identifier --no-publicly-accessible --vpc-security-group-ids your-security-group-id
The modification is applied asynchronously and the cluster briefly shows a status of modifying. Once it is available again, re-run the describe-clusters command from Step 1 and confirm that PubliclyAccessible is now false for the cluster. The credentials you use need the redshift:DescribeClusters and redshift:ModifyCluster permissions.
To remediate the misconfiguration of an AWS Redshift cluster being publicly accessible, you can follow these steps using Python and the AWS SDK (boto3):
Step 1: Install the AWS SDK (boto3) if you haven’t already:
pip install boto3
Step 2: Use the following Python script to disable public accessibility. Note that public accessibility is an attribute of the cluster itself, not a parameter-group parameter, so it is changed with modify_cluster (there is no publicly_accessible parameter that modify_cluster_parameter_group would accept):
import boto3
import time
# Initialize the Redshift client
client = boto3.client('redshift')
# Specify the Redshift cluster identifier
cluster_identifier = 'your-redshift-cluster-identifier'
# Describe the cluster and check whether it currently has a public IP
cluster = client.describe_clusters(ClusterIdentifier=cluster_identifier)['Clusters'][0]
print(f"{cluster_identifier}: PubliclyAccessible={cluster['PubliclyAccessible']}")
if cluster['PubliclyAccessible']:
    # PubliclyAccessible is a cluster attribute, so it is changed with modify_cluster;
    # VpcSecurityGroupIds could be passed here as well to swap in restricted security groups
    client.modify_cluster(
        ClusterIdentifier=cluster_identifier,
        PubliclyAccessible=False
    )
    # The change is applied asynchronously: poll until the cluster is available again
    # with the flag cleared (give up after about ten minutes)
    for _ in range(40):
        cluster = client.describe_clusters(ClusterIdentifier=cluster_identifier)['Clusters'][0]
        if cluster['ClusterStatus'] == 'available' and not cluster['PubliclyAccessible']:
            print("Redshift cluster is no longer publicly accessible.")
            break
        time.sleep(15)
    else:
        print("Timed out waiting for the modification; check the cluster status in the console.")
else:
    print("Redshift cluster is already private.")
Make sure to replace 'your-redshift-cluster-identifier' with the actual identifier of your Redshift cluster. The credentials the script runs with need the redshift:DescribeClusters and redshift:ModifyCluster permissions.
Step 3: Run the Python script to remediate the misconfiguration and make the Redshift cluster not publicly accessible.
By following these steps, you can remediate the misconfiguration of an AWS Redshift cluster being publicly accessible using Python and the AWS SDK (boto3).
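The CLI and boto3 procedures above each fix one cluster whose identifier you already know. The script below is added here as an example (it is not code from the original page or from AWS) and generalises them: it audits every cluster returned by describe_clusters, cross-checks the attached security groups (from EC2 describe_security_groups) for rules that open the cluster port to 0.0.0.0/0 or ::/0, rates a public cluster behind a world-open group as critical rather than high, and remediates with modify_cluster(PubliclyAccessible=False), polling until the change is confirmed. The cluster and security-group records are constructed sample data in boto3's response shapes; the audit/remediate/open_to_world function names and the --live and --fix switches are this example's own.

```python
"""Audit Redshift clusters for public exposure and remediate them.

Added example, not code from the original page. The sample data below is
constructed; the dict shapes follow what boto3 returns.
"""
import sys
import time
from typing import Dict, List

WORLD = {"0.0.0.0/0", "::/0"}  # sources that mean "anyone on the internet"


def open_to_world(sg: Dict, port: int) -> bool:
    """True if `sg` allows inbound TCP on `port` from the whole internet."""
    for perm in sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto not in ("tcp", "-1"):  # "-1" is the "all traffic" rule
            continue
        lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        if proto == "-1" or lo <= port <= hi:
            sources = {r["CidrIp"] for r in perm.get("IpRanges", [])}
            sources |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
            if sources & WORLD:
                return True
    return False


def audit(clusters: List[Dict], security_groups: List[Dict]) -> List[Dict]:
    """One finding per publicly accessible cluster. A cluster with a public IP
    *and* a world-open security group is reachable by anyone, so it is rated
    critical; a public IP behind a restricted group is still rated high."""
    sgs_by_id = {sg["GroupId"]: sg for sg in security_groups}
    findings = []
    for c in clusters:
        if not c.get("PubliclyAccessible"):
            continue
        port = c.get("Endpoint", {}).get("Port", 5439)
        attached = [g["VpcSecurityGroupId"] for g in c.get("VpcSecurityGroups", [])]
        exposed = [g for g in attached if g in sgs_by_id and open_to_world(sgs_by_id[g], port)]
        findings.append({
            "ClusterIdentifier": c["ClusterIdentifier"],
            "Port": port,
            "WorldOpenSecurityGroups": exposed,
            "Severity": "critical" if exposed else "high",
        })
    return findings


def remediate(redshift, cluster_id: str, timeout: int = 900, poll: int = 15) -> bool:
    """Turn PubliclyAccessible off and poll describe_clusters until the cluster
    is available again with the flag cleared. `redshift` is a boto3 Redshift
    client or any object with the same modify_cluster/describe_clusters calls."""
    redshift.modify_cluster(ClusterIdentifier=cluster_id, PubliclyAccessible=False)
    deadline = time.time() + timeout
    while True:
        c = redshift.describe_clusters(ClusterIdentifier=cluster_id)["Clusters"][0]
        if c["ClusterStatus"] == "available" and not c["PubliclyAccessible"]:
            return True
        if time.time() >= deadline:
            return False
        time.sleep(poll)


# Constructed sample responses (made-up identifiers, boto3 field names).
SAMPLE_CLUSTERS = [
    {"ClusterIdentifier": "analytics-prod", "ClusterStatus": "available",
     "PubliclyAccessible": True, "Endpoint": {"Port": 5439},
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0aaa", "Status": "active"}]},
    {"ClusterIdentifier": "analytics-dev", "ClusterStatus": "available",
     "PubliclyAccessible": True, "Endpoint": {"Port": 5439},
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0bbb", "Status": "active"}]},
    {"ClusterIdentifier": "reporting", "ClusterStatus": "available",
     "PubliclyAccessible": False, "Endpoint": {"Port": 5439},
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0aaa", "Status": "active"}]},
]
SAMPLE_SGS = [
    {"GroupId": "sg-0aaa", "IpPermissions": [  # 5439 open to the world
        {"IpProtocol": "tcp", "FromPort": 5439, "ToPort": 5439,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [  # 5439 only from an internal range
        {"IpProtocol": "tcp", "FromPort": 5439, "ToPort": 5439,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
]

if __name__ == "__main__":
    if "--live" in sys.argv:  # real account: needs credentials and Describe*/Modify* rights
        import boto3
        rs, ec2 = boto3.client("redshift"), boto3.client("ec2")
        clusters = rs.describe_clusters()["Clusters"]
        ids = sorted({g["VpcSecurityGroupId"] for c in clusters for g in c.get("VpcSecurityGroups", [])})
        sgs = ec2.describe_security_groups(GroupIds=ids)["SecurityGroups"] if ids else []
    else:
        rs, clusters, sgs = None, SAMPLE_CLUSTERS, SAMPLE_SGS
    for f in audit(clusters, sgs):
        print(f"{f['Severity'].upper():8} {f['ClusterIdentifier']} port {f['Port']} "
              f"world-open SGs: {f['WorldOpenSecurityGroups'] or 'none'}")
        if rs is not None and "--fix" in sys.argv:
            print("  fixed" if remediate(rs, f["ClusterIdentifier"]) else "  timed out")
```

Run it with no arguments to exercise the audit against the embedded sample (analytics-prod is reported critical, analytics-dev high, reporting not at all). With --live it reads the current account and region (redshift:DescribeClusters and ec2:DescribeSecurityGroups are needed); with --live --fix it also applies the change (redshift:ModifyCluster). Clearing PubliclyAccessible removes the public path, but a world-open rule on the security group should still be removed so the cluster is not exposed again by a later change.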