Redshift cluster does not require SSL connections Affecting Redshift service in AWS

Snyk CCSS

Keys and Secrets / Encryption in Transit

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CIS-Controls CSA-CCM GDPR HIPAA ISO-27001 NIST-800-53 PCI-DSS SOC-2

Snyk ID SNYK-CC-00236
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

Data transferred between a client and Redshift is vulnerable to hijacking and information disclosure.

How to fix?

Set parameter.name to require_ssl and parameter.value to true.

Example Configuration

resource "aws_redshift_parameter_group" "allowed" {
  name   = "parameter-group-test-terraform"
  family = "redshift-1.0"

  parameter {
    name  = "require_ssl"
    value = "true"
  }
}

Terraform

Resource: aws_redshift_parameter_group

References

Configuring security options for connections
Amazon Redshift parameter groups