Ensure Redshift is not deployed outside of a VPC

Error: Redshift is deployed outside of a VPC

Bridgecrew Policy ID: BC_AWS_NETWORKING_56
Checkov Check ID: CKV_AWS_154
Severity: LOW

Description

A VPC is a virtual network in the AWS cloud that is isolated from other virtual networks. When you deploy Redshift in a VPC, you control the inbound and outbound network traffic to and from your Redshift cluster using security groups and network access control lists (NACLs). This improves the security posture of the cluster and helps protect it from unauthorized access or attacks.

Fix - Buildtime

Terraform

  • Resource: aws_redshift_cluster
  • Argument: cluster_subnet_group_name

resource "aws_redshift_cluster" "pass" {
  ...
+ cluster_subnet_group_name = "subnet-ebd9cead"
}
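The snippet above shows only the argument that satisfies the check. As an added example (not the Bridgecrew/Checkov page's own code), here is a complete Terraform configuration that places the cluster in a VPC: `cluster_subnet_group_name` takes the name of an `aws_redshift_subnet_group` resource, which in turn lists the private subnet IDs the cluster may use, and a VPC security group restricts which source range can reach the Redshift port. All resource names, variable defaults, the subnet and VPC IDs and the CIDR are hypothetical placeholders.

```hcl
# Added example, not from the Bridgecrew/Checkov page. All IDs, names and
# CIDRs below are placeholders to be replaced with real values.

variable "vpc_id" {
  type    = string
  default = "vpc-0ccccccccccccccc3" # placeholder
}

# Private subnets (assumed to already exist in the VPC above).
variable "private_subnet_ids" {
  type    = list(string)
  default = ["subnet-0aaaaaaaaaaaaaaa1", "subnet-0bbbbbbbbbbbbbbb2"] # placeholders
}

variable "master_password" {
  type      = string
  sensitive = true # supply via TF_VAR_master_password, never in source
}

# The cluster subnet group is what ties the cluster to the VPC.
resource "aws_redshift_subnet_group" "analytics" {
  name        = "analytics-redshift-subnets"
  description = "Private subnets for the analytics cluster"
  subnet_ids  = var.private_subnet_ids
}

# Security group that only admits the application tier on the Redshift port.
resource "aws_security_group" "redshift" {
  name        = "analytics-redshift"
  description = "Redshift ingress from the application tier only"
  vpc_id      = var.vpc_id

  ingress {
    from_port   = 5439
    to_port     = 5439
    protocol    = "tcp"
    cidr_blocks = ["10.0.10.0/24"] # placeholder: application subnet CIDR
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_redshift_cluster" "analytics" {
  cluster_identifier = "analytics-cluster"
  node_type          = "ra3.xlplus"
  cluster_type       = "single-node"
  database_name      = "analytics"
  master_username    = "admin"
  master_password    = var.master_password

  # CKV_AWS_154: referencing the subnet group places the cluster in the VPC,
  # and the VPC security group governs who can reach it.
  cluster_subnet_group_name = aws_redshift_subnet_group.analytics.name
  vpc_security_group_ids    = [aws_security_group.redshift.id]

  # Keep the endpoint off the public internet and the data encrypted at rest.
  publicly_accessible = false
  encrypted           = true
  skip_final_snapshot = true
}
```

Referencing `aws_redshift_subnet_group.analytics.name` rather than a literal string lets Terraform create the subnet group before the cluster and keeps the two in sync if the group is renamed. Note that a subnet group is not the same as a subnet: the argument expects the group's name, not a `subnet-...` ID.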

CloudFormation

  • Resource: AWS::Redshift::Cluster
  • Argument: Properties.ClusterSubnetGroupName

Type: "AWS::Redshift::Cluster"
  Properties:
    ...
+   ClusterSubnetGroupName: "subnet-ebd9cead"