Redshift clusters version upgrade is not default
Description
With the Allow Version Upgrade feature enabled, Amazon Redshift engine upgrades (also known as major version upgrades) occur automatically, so the data warehouse service engine receives the newest features, bug fixes and the latest security patches released.
Code Example
```shell
# Enable automatic engine version upgrades for the cluster named cc-cluster
aws redshift modify-cluster \
    --region us-east-1 \
    --cluster-identifier cc-cluster \
    --allow-version-upgrade
```
Remediation
CLI Command
Run the modify-cluster command (OSX/Linux/UNIX), using the name of the cluster that you want to update as the identifier (see Audit section part II, step no. 2), to enable AWS Redshift engine version upgrades for the selected cluster.
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0191 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AWS_141 |