turbot/steampipe-mod-aws-compliance

Control: 3 Amazon Redshift clusters should have automatic snapshots enabled

Description

This control checks whether Amazon Redshift clusters have automated snapshots enabled. It also checks whether the snapshot retention period is greater than or equal to seven days.

Backups help you to recover more quickly from a security incident. They strengthen the resilience of your systems. Amazon Redshift takes periodic snapshots by default. This control checks whether automatic snapshots are enabled and retained for at least seven days.

Remediation

To remediate this issue, update the snapshot retention period to at least 7 days.

To modify the snapshot retention period

  1. Open the Amazon Redshift console.
  2. In the navigation menu, choose Clusters, then choose the name of the cluster to modify.
  3. Choose Edit.
  4. Under Backup, set Snapshot retention to a value of 7 or greater.
  5. Choose Modify Cluster.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.foundational_security_redshift_3

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.foundational_security_redshift_3 --share

SQL

This control uses a named query:

select
  arn as resource,
  case
    when automated_snapshot_retention_period >= 7 then 'ok'
    else 'alarm'
  end as status,
  case
    when automated_snapshot_retention_period >= 7 then title || ' automatic snapshots enabled with retention period greater than equals 7 days.'
    else title || ' automatic snapshots enabled with retention period less than 7 days.'
  end as reason,
  region,
  account_id
from
  aws_redshift_cluster;
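
The same check applied to `aws redshift describe-clusters` output, together with the AWS CLI equivalent of the console remediation steps, as an added example that is not part of the mod. The cluster names and sample data are constructed; unlike the named query, it reports a retention period of 0 (automated snapshots disabled) and a missing value as separate reasons.

```python
import shlex

MIN_RETENTION_DAYS = 7  # threshold used by the control

# Constructed sample, shaped like the "Clusters" list in `aws redshift describe-clusters` output.
SAMPLE = {"Clusters": [
    {"ClusterIdentifier": "analytics-prod", "AutomatedSnapshotRetentionPeriod": 14},
    {"ClusterIdentifier": "etl-staging", "AutomatedSnapshotRetentionPeriod": 1},
    {"ClusterIdentifier": "scratch-dev", "AutomatedSnapshotRetentionPeriod": 0},
    {"ClusterIdentifier": "legacy-import"},  # field missing on purpose
]}

def evaluate(cluster):
    """Return (status, reason) for one cluster record."""
    name = cluster["ClusterIdentifier"]
    days = cluster.get("AutomatedSnapshotRetentionPeriod")
    if not isinstance(days, int) or isinstance(days, bool):
        # Missing or malformed value: fail closed rather than assume compliance.
        return "alarm", f"{name} retention period unknown."
    if days == 0:
        # A retention period of 0 turns automated snapshots off entirely.
        return "alarm", f"{name} automated snapshots disabled."
    if days < MIN_RETENTION_DAYS:
        return "alarm", f"{name} retention is {days} day(s), below {MIN_RETENTION_DAYS}."
    return "ok", f"{name} retention is {days} days."

def remediation_command(cluster_id, days=MIN_RETENTION_DAYS):
    """Build the AWS CLI call matching the console steps (returned, not executed)."""
    return " ".join([
        "aws", "redshift", "modify-cluster",
        "--cluster-identifier", shlex.quote(cluster_id),
        "--automated-snapshot-retention-period", str(days),
    ])

def audit(describe_output):
    """Return (cluster_id, status, reason, fix_command_or_None) per cluster."""
    rows = []
    for cluster in describe_output.get("Clusters", []):
        status, reason = evaluate(cluster)
        fix = remediation_command(cluster["ClusterIdentifier"]) if status == "alarm" else None
        rows.append((cluster["ClusterIdentifier"], status, reason, fix))
    return rows

if __name__ == "__main__":
    for cluster_id, status, reason, fix in audit(SAMPLE):
        print(f"{status:5} {reason}")
        if fix:
            print(f"      fix: {fix}")
```
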
