Control: 4 Amazon Redshift clusters should have audit logging enabled
Description
This control checks whether an Amazon Redshift cluster has audit logging enabled.
Amazon Redshift audit logging provides additional information about connections and user activities in your cluster. This data can be stored and secured in Amazon S3 and can be helpful in security audits and investigations.
Remediation
To enable cluster audit logging.
To modify the snapshot retention period
- Open the Amazon Redshift console.
- In the navigation menu, choose
Clusters, then choose the name of the cluster to modify. - Choose
Maintenance and monitoring. - Under
Audit logging, chooseEdit. - Set
Enable audit loggingtoyes, then enter the log destination bucket details. - Choose
Confirm.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.foundational_security_redshift_4Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.foundational_security_redshift_4 --shareSQL
This control uses a named query:
select arn as resource, case when automated_snapshot_retention_period >= 7 then 'ok' else 'alarm' end as status, case when automated_snapshot_retention_period >= 7 then title || ' automatic snapshots enabled with retention period greater than equals 7 days.' else title || ' automatic snapshots enabled with retention period less than 7 days.' end as reason , region, account_idfrom aws_redshift_cluster;