Benchmark: Redshift
Overview
This section contains recommendations for configuring AWS Redshift resources and options.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-complianceStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select Redshift.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.foundational_security_redshiftSnapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.foundational_security_redshift --shareControls
- 1 Amazon Redshift clusters should prohibit public access
- 2 Connections to Amazon Redshift clusters should be encrypted in transit
- 3 Amazon Redshift clusters should have automatic snapshots enabled
- 4 Amazon Redshift clusters should have audit logging enabled
- 6 Amazon Redshift should have automatic upgrades to major versions enabled
- 7 Amazon Redshift clusters should use enhanced VPC routing
- 8 Amazon Redshift clusters should not use the default Admin username
- 9 Redshift clusters should not use the default database name
- 10 Redshift clusters should be encrypted at rest
- 15 Redshift security groups should allow ingress on the cluster port only from restricted origins
- 18 Redshift clusters should have Multi-AZ deployments enabled