AWS Redshift does not have require_ssl configured
Description
This policy identifies Redshift databases in which data connection to and from is occurring on an insecure channel. SSL connections ensures the security of the data in transit.
Code Example
resource "aws_redshift_parameter_group" "pass" {
...
parameter {
name = "require_ssl"
value = "true"
}
}Remediation
AWS Console
. Login to the AWS and navigate to the `Amazon Redshift` service.
. Expand the identified `Redshift` cluster and make a note of the `Cluster Parameter Group`
. In the navigation panel, click on the `Parameter group`.
. Select the identified `Parameter Group` and click on `Edit Parameters`.
. Review the require_ssl flag. + Update the parameter `require_ssl` to true and save it. + NOTE: If the current parameter group is a Default parameter group, it cannot be edited. + You will need to create a new parameter group and point it to an affected cluster. === Fix - Buildtime
Terraform
- Resource: aws_redshift_parameter_group
- Arguments: parameter.require_ssl
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0158 |
| Severity | LOW |
| IaC Type | Cloudformation |
| Frameworks | CloudFormation, Terraform, TerraformPlan, Serverless |
| Checkov ID | CKV_AWS_105 |