Redshift cluster is publicly accessible Affecting Redshift service in AWS

Severity Framework Snyk CCSS

Rule category Data / Access Control

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

Snyk ID SNYK-CC-00464
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

Publicly accessible Redshift clusters allow any AWS user or anonymous user access to the data in the database.

How to fix?

Set the publicly_accessible attribute to false.

Example Configuration

resource "aws_redshift_cluster" "valid" {
  cluster_identifier = "cluster-public-test-valid"
  master_username    = "webadmin"
  master_password    = "SecretPassw0rd"
  node_type          = "dc2.large"
  cluster_subnet_group_name = "${aws_redshift_subnet_group.redshiftvpc.id}"
  publicly_accessible = false
  skip_final_snapshot = true
}

Terraform

aws_redshift_cluster

References

Managing clusters in a VPC