v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/aws_compliance
Overview
32Dashboards
1295Controls
585Queries
4Variables
GitHub

Control: 4 Amazon Redshift clusters should have audit logging enabled

Description

This control checks whether an Amazon Redshift cluster has audit logging enabled.

Amazon Redshift audit logging provides additional information about connections and user activities in your cluster. This data can be stored and secured in Amazon S3 and can be helpful in security audits and investigations.

Remediation

To enable cluster audit logging.

To modify the snapshot retention period

  1. Open the Amazon Redshift console.
  2. In the navigation menu, choose Clusters, then choose the name of the cluster to modify.
  3. Choose Maintenance and monitoring.
  4. Under Audit logging, choose Edit.
  5. Set Enable audit logging to yes, then enter the log destination bucket details.
  6. Choose Confirm.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.foundational_security_redshift_4

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.foundational_security_redshift_4 --share

SQL

This control uses a named query:

redshift_cluster_automatic_snapshots_min_7_days

Tags

aws_foundational_security = true
category = Compliance
foundational_security_category = logging
foundational_security_item_id = redshift_4
plugin = aws
service = AWS/Redshift