Control: 5 Redshift Serverless namespaces should not use the default admin username
Description
This control checks whether the admin username for an Amazon Redshift Serverless namespace is the default admin username, admin. The control fails if the admin username for the Redshift Serverless namespace is admin. You can optionally specify a list of admin usernames for the control to include in the evaluation.
When creating an Amazon Redshift Serverless namespace, you should specify a custom admin username for the namespace. The default admin username is public knowledge. By specifying a custom admin username, you can, for example, help mitigate the risk or effectiveness of brute force attacks against the namespace.
Remediation
You can change the admin username for an Amazon Redshift Serverless namespace by using the Amazon Redshift Serverless console or API. To change it by using the console, choose the namespace configuration, and then choose Edit admin credentials on the Actions menu. To change it programmatically, use the UpdateNamespace operation or, if you’re using the AWS CLI, run the update-namespace command. If you change the admin username, you must also change the admin password at the same time.
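The following is an added example, not code from the aws_compliance mod or from AWS. It applies the check from the Description to namespace records, with the optional list of usernames as a parameter, and builds the UpdateNamespace parameters so that the username and password always change together. It assumes `client` is a boto3 `redshift-serverless` client; the sample records, ARNs, and the `new_credentials` callback are constructed for illustration.

```python
# Added example; field names follow the ListNamespaces / UpdateNamespace API shapes.
# `client` is assumed to be boto3.client("redshift-serverless") in real use.
DEFAULT_DISALLOWED = frozenset({"admin"})

# Constructed sample shaped like the "namespaces" list returned by ListNamespaces.
SAMPLE_NAMESPACES = [
    {"namespaceName": "analytics", "adminUsername": "admin",
     "namespaceArn": "arn:aws:redshift-serverless:us-east-1:111122223333:namespace/EXAMPLE-1"},
    {"namespaceName": "reporting", "adminUsername": "rpt_owner",
     "namespaceArn": "arn:aws:redshift-serverless:us-east-1:111122223333:namespace/EXAMPLE-2"},
]


def evaluate(namespaces, disallowed=DEFAULT_DISALLOWED):
    """Return one row per namespace with the control's alarm/ok status."""
    rows = []
    for ns in namespaces:
        flagged = ns.get("adminUsername") in disallowed
        verb = "uses" if flagged else "does not use"
        rows.append({
            "resource": ns["namespaceArn"],
            "name": ns["namespaceName"],
            "status": "alarm" if flagged else "ok",
            "reason": f"{ns['namespaceName']} {verb} a disallowed admin username.",
        })
    return rows


def build_update_request(namespace_name, new_username, new_password,
                         disallowed=DEFAULT_DISALLOWED):
    """Build UpdateNamespace parameters; refuse a username-only change."""
    if new_username in disallowed:
        raise ValueError(f"{new_username!r} is itself a disallowed admin username")
    if not new_password:
        raise ValueError("a new admin password must accompany a new admin username")
    return {"namespaceName": namespace_name,
            "adminUsername": new_username,
            "adminUserPassword": new_password}


def remediate(client, namespaces, new_credentials, disallowed=DEFAULT_DISALLOWED):
    """Update every alarmed namespace; new_credentials(name) -> (username, password)."""
    changed = []
    for row in evaluate(namespaces, disallowed):
        if row["status"] != "alarm":
            continue
        username, password = new_credentials(row["name"])
        client.update_namespace(**build_update_request(
            row["name"], username, password, disallowed))
        changed.append(row["name"])
    return changed
```

Supplying credentials through a per-namespace callback lets each namespace receive its own username and password, for instance from a secrets manager, rather than one shared value.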
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.foundational_security_redshiftserverless_5
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run aws_compliance.control.foundational_security_redshiftserverless_5 --share
SQL
This control uses a named query:
select
  namespace_arn as resource,
  case
    when admin_username = 'admin' then 'alarm'
    else 'ok'
  end as status,
  case
    when admin_username = 'admin' then title || ' uses default admin username.'
    else title || ' not uses default admin username.'
  end as reason,
  region,
  account_id
from
  aws_redshiftserverless_namespace;