turbot/steampipe-mod-aws-compliance

Control: 6 Amazon Redshift should have automatic upgrades to major versions enabled

Description

This control checks whether automatic major version upgrades are enabled for the Amazon Redshift cluster.

Enabling automatic major version upgrades ensures that the latest major version updates to Amazon Redshift clusters are installed during the maintenance window. These updates might include security patches and bug fixes. Keeping up to date with patch installation is an important step in securing systems.

Remediation

To remediate this issue from the AWS CLI, use the Amazon Redshift modify-cluster command to set the --allow-version-upgrade attribute.

From the AWS CLI, run:

aws redshift modify-cluster --cluster-identifier clustername --allow-version-upgrade

Where clustername is the name of your Amazon Redshift cluster.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.foundational_security_redshift_6

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.foundational_security_redshift_6 --share

SQL

This control uses a named query:

select
  arn as resource,
  case
    when allow_version_upgrade then 'ok'
    else 'alarm'
  end as status,
  case
    when allow_version_upgrade then title || ' automatic upgrades to major versions enabled.'
    else title || ' automatic upgrades to major versions disabled.'
  end as reason,
  region,
  account_id
from
  aws_redshift_cluster;
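
The same check applied to saved `aws redshift describe-clusters` output, with the remediation command built for each cluster in alarm. This is an added example, not part of the mod: the sample JSON is constructed, the function names `evaluate` and `remediation_commands` are hypothetical, and the cluster identifier stands in for the `title` column used by the query.

```python
import json
import shlex

# Constructed sample shaped like `aws redshift describe-clusters` output (not real clusters).
SAMPLE = json.loads("""
{"Clusters": [
  {"ClusterIdentifier": "analytics-prod", "AllowVersionUpgrade": true,
   "PreferredMaintenanceWindow": "sun:03:00-sun:03:30"},
  {"ClusterIdentifier": "reporting-dev", "AllowVersionUpgrade": false,
   "PreferredMaintenanceWindow": "sat:05:00-sat:05:30"},
  {"ClusterIdentifier": "legacy-etl"}
]}
""")


def evaluate(describe_output):
    """Return one finding per cluster with the control's status and reason."""
    findings = []
    for cluster in describe_output.get("Clusters", []):
        name = cluster["ClusterIdentifier"]
        # Like the SQL CASE, only an explicit true passes; false or missing is an alarm.
        enabled = cluster.get("AllowVersionUpgrade") is True
        findings.append({
            "resource": name,
            "status": "ok" if enabled else "alarm",
            "reason": f"{name} automatic upgrades to major versions "
                      + ("enabled." if enabled else "disabled."),
            # Upgrades are applied in this window, so report it with the finding.
            "maintenance_window": cluster.get("PreferredMaintenanceWindow"),
        })
    return findings


def remediation_commands(findings):
    """Build the page's modify-cluster command for every cluster in alarm."""
    return [
        "aws redshift modify-cluster --cluster-identifier "
        + shlex.quote(item["resource"])  # quote so the name is safe to paste into a shell
        + " --allow-version-upgrade"
        for item in findings if item["status"] == "alarm"
    ]


if __name__ == "__main__":
    results = evaluate(SAMPLE)
    for item in results:
        print(f"{item['status']:5} {item['reason']}")
    for command in remediation_commands(results):
        print(command)
```
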

Tags