v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/aws_compliance
Overview
32Dashboards
1295Controls
585Queries
4Variables
GitHub

Control: 3 Amazon Redshift clusters should have automatic snapshots enabled

Description

This control checks whether Amazon Redshift clusters have automated snapshots enabled. It also checks whether the snapshot retention period is greater than or equal to seven.

Backups help you to recover more quickly from a security incident. They strengthen the resilience of your systems. Amazon Redshift takes periodic snapshots by default. This control checks whether automatic snapshots are enabled and retained for at least seven days.

Remediation

To remediate this issue, update the snapshot retention period to at least 7.

To modify the snapshot retention period

  1. Open the Amazon Redshift console.
  2. In the navigation menu, choose Clusters, then choose the name of the cluster to modify.
  3. Choose Edit.
  4. Under Backup, set Snapshot retention to a value of 7 or greater.
  5. Choose Modify Cluster.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.foundational_security_redshift_3

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.foundational_security_redshift_3 --share

SQL

This control uses a named query:

redshift_cluster_automatic_snapshots_min_7_days

Tags

aws_foundational_security = true
category = Compliance
foundational_security_category = backups_enabled
foundational_security_item_id = redshift_3
plugin = aws
service = AWS/Redshift