Avoid AWS Redshift cluster with commonly used master username and public access setting enabled
Description
This policy checks whether an AWS Redshift cluster is configured with a commonly used master username and has public access enabled. A commonly used username is easy to guess, which increases the risk of unauthorized access, and enabling public access exposes the cluster endpoint to connections from the internet. This combination poses a significant security risk, making it easier for attackers to gain access to sensitive data. Use a unique, hard-to-guess master username and restrict access to the cluster to authorized personnel only.
Code Example
```terraform
resource "aws_redshift_cluster" "example" {
  # Other cluster arguments omitted.
  master_username     = "unique_username" # not a commonly used name
  publicly_accessible = false             # public access disabled
}
```
Remediation
Ensure that the Redshift cluster does not use a commonly used master username and that public access is disabled.
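The following added example (not part of the original policy page and not Checkov's own implementation) shows one way to run the same check against the output of `terraform show -json` before applying a plan. The username list, the function name and the sample plan are assumptions made for illustration; the page does not enumerate which usernames count as commonly used.

```python
# Assumed list of commonly used master usernames (the page does not list them).
COMMON_USERNAMES = {"admin", "administrator", "awsuser", "master", "root", "redshift"}


def find_risky_clusters(plan):
    """Return addresses of aws_redshift_cluster resources whose planned state
    combines a commonly used master username with public access enabled."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_redshift_cluster":
            continue
        # "after" is null when the resource is being destroyed: nothing to check.
        after = (rc.get("change") or {}).get("after")
        if not after:
            continue
        username = (after.get("master_username") or "").strip().lower()
        # Only an explicit true counts; unknown or absent values are not flagged here.
        public = after.get("publicly_accessible") is True
        if public and username in COMMON_USERNAMES:
            findings.append(rc["address"])
    return findings


def _rc(name, after, rtype="aws_redshift_cluster"):
    """Build one constructed resource_changes entry in plan-JSON shape."""
    return {"address": f"{rtype}.{name}", "type": rtype, "change": {"after": after}}


# Constructed sample plan, shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = {
    "resource_changes": [
        _rc("risky", {"master_username": "admin", "publicly_accessible": True}),
        _rc("mixed_case", {"master_username": "AwsUser", "publicly_accessible": True}),
        _rc("private", {"master_username": "admin", "publicly_accessible": False}),
        _rc("unique_public", {"master_username": "unique_username", "publicly_accessible": True}),
        _rc("destroyed", None),
        _rc("other", {"publicly_accessible": True}, rtype="aws_db_instance"),
    ]
}

if __name__ == "__main__":
    for address in find_risky_clusters(SAMPLE_PLAN):
        print(f"FAIL {address}: common master username with public access enabled")
```

Only clusters that meet both conditions are reported, matching the combination this policy describes; a private cluster with a common username or a public cluster with a unique username is not flagged by this check.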
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0438 |
| Severity | HIGH |
| IaC Type | Terraform |
| Frameworks | aws_redshift_cluster |
| Checkov ID | CKV_AWS_391 |