Ensure AWS Redshift cluster is encrypted using CMK

Error: AWS Redshift cluster not encrypted using CMK

Bridgecrew Policy ID: BC_AWS_GENERAL_25
Checkov Check ID: CKV_AWS_64
Severity: HIGH

Description

We recommend all data stored in the Redshift cluster is securely encrypted at rest.

Fix - Buildtime

Terraform

  • Resource: aws_redshift_cluster
  • Argument: encrypted. Ensure that this argument is set to true to protect this database.
resource "aws_redshift_cluster" "redshift" {
  ...
  cluster_identifier        = "shifty"
+ encrypted                 = true
  kms_key_id                = var.kms_key_id
  ...
}
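
The same check can be run before apply against the configuration section of `terraform show -json <planfile>`. The script below is an added example, not Bridgecrew's or Checkov's own code; the sample plan is constructed, and treating a missing kms_key_id as a failure is an assumption drawn from this policy's title, since Redshift then falls back to the AWS-managed key.

```python
import json

# Constructed sample: trimmed "configuration" section of `terraform show -json` output.
SAMPLE_PLAN = json.loads("""
{"configuration": {"root_module": {
  "resources": [
    {"address": "aws_redshift_cluster.redshift", "type": "aws_redshift_cluster",
     "expressions": {"encrypted": {"constant_value": true},
                     "kms_key_id": {"references": ["var.kms_key_id"]}}},
    {"address": "aws_redshift_cluster.default_key", "type": "aws_redshift_cluster",
     "expressions": {"encrypted": {"constant_value": true}}},
    {"address": "aws_redshift_cluster.flagged", "type": "aws_redshift_cluster",
     "expressions": {"encrypted": {"references": ["var.encrypt"]},
                     "kms_key_id": {"references": ["var.kms_key_id"]}}},
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket", "expressions": {}}],
  "module_calls": {"dw": {"module": {"resources": [
    {"address": "aws_redshift_cluster.legacy", "type": "aws_redshift_cluster",
     "expressions": {"encrypted": {"constant_value": false}}}]}}}}}}
""")


def find_unencrypted_redshift(plan):
    """Return sorted (address, reason) pairs for clusters that fail the check."""
    findings = []

    def walk(module, prefix):
        for res in module.get("resources", []):
            if res.get("type") != "aws_redshift_cluster":
                continue
            expr = res.get("expressions", {})
            enc = expr.get("encrypted", {})
            addr = prefix + res["address"]
            if "constant_value" not in enc and enc.get("references"):
                # Value comes from a variable or local; it cannot be judged statically.
                findings.append((addr, "encrypted is not a literal; verify it resolves to true"))
            elif enc.get("constant_value") is not True:
                findings.append((addr, "encrypted is not set to true"))
            elif "kms_key_id" not in expr:
                # Assumption: no kms_key_id means the AWS-managed key, not a CMK.
                findings.append((addr, "encrypted, but no kms_key_id (not a CMK)"))
        # Resources declared inside called modules are nested under module_calls.
        for name, call in module.get("module_calls", {}).items():
            walk(call.get("module", {}), f"{prefix}module.{name}.")

    walk(plan.get("configuration", {}).get("root_module", {}), "")
    return sorted(findings)


if __name__ == "__main__":
    for address, reason in find_unencrypted_redshift(SAMPLE_PLAN):
        print(f"FAIL {address}: {reason}")
```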

CloudFormation

  • Resource: AWS::Redshift::Cluster
  • Argument: Properties.Encrypted
    Type: "AWS::Redshift::Cluster"
    Properties:
      ...
+     Encrypted: true