AWS-Redshift-Redshift-Encryption-Enabled

Severity: Medium

Description: This control ensures that encryption is enabled on a Redshift cluster. Encryption for Redshift clusters should be enabled to ensure encryption of data at rest. Enabling encryption for clusters helps to protect data against the threat of malicious activity by performing real-time encryption and decryption of the underlying storage for a Redshift cluster and its snapshots.

Remediation Steps:

Perform the following steps to configure encryption for Redshift:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com.

  2. Navigate to the Redshift console.

  3. In the navigation pane, choose CLUSTERS, then choose the cluster that you want to modify for encryption.

  4. For Actions, choose Modify to display the configuration page.

  5. In the Database configuration section, for Encryption choose Use AWS KMS, then choose the KMS key ID.

  6. Choose Modify cluster.
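
The same check run programmatically, as an added example that is not part of the original control text: it evaluates the `Encrypted` field in the JSON returned by `aws redshift describe-clusters` and builds the `modify-cluster` command that corresponds to steps 4 to 6. The sample response, cluster names and KMS key alias are constructed for illustration.

```python
import json
import shlex

# Constructed sample, shaped like the output of `aws redshift describe-clusters`.
SAMPLE_RESPONSE = json.loads("""
{"Clusters": [
  {"ClusterIdentifier": "analytics-prod", "ClusterStatus": "available",
   "Encrypted": true,
   "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
  {"ClusterIdentifier": "reporting-dev", "ClusterStatus": "available",
   "Encrypted": false},
  {"ClusterIdentifier": "etl-staging", "ClusterStatus": "resizing"}
]}
""")


def evaluate_encryption(response):
    """Return one finding per cluster; a missing Encrypted field counts as a failure."""
    findings = []
    for cluster in response.get("Clusters", []):
        findings.append({
            "cluster": cluster["ClusterIdentifier"],
            "status": cluster.get("ClusterStatus", "unknown"),
            "compliant": cluster.get("Encrypted") is True,
            "kms_key": cluster.get("KmsKeyId"),
        })
    return findings


def non_compliant(response):
    """Identifiers of clusters that fail the control."""
    return [f["cluster"] for f in evaluate_encryption(response) if not f["compliant"]]


def remediation_command(cluster_id, kms_key_id):
    """CLI equivalent of the console steps; values are shell-quoted."""
    return " ".join([
        "aws", "redshift", "modify-cluster",
        "--cluster-identifier", shlex.quote(cluster_id),
        "--encrypted",
        "--kms-key-id", shlex.quote(kms_key_id),
    ])


if __name__ == "__main__":
    for finding in evaluate_encryption(SAMPLE_RESPONSE):
        state = "PASS" if finding["compliant"] else "FAIL"
        print(f'{state}  {finding["cluster"]}  ({finding["status"]})')
    for cluster_id in non_compliant(SAMPLE_RESPONSE):
        # "alias/example-key" is a placeholder; substitute the key chosen in step 5.
        print(remediation_command(cluster_id, "alias/example-key"))
```
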

Important:

  • Once data is encrypted, Amazon handles authentication of access and decryption of data transparently with a minimal impact on performance. There is no need to modify database client applications to use encryption.

  • Amazon uses the industry-standard AES-256 encryption algorithm to encrypt data.

Reference:

Blue Hexagon Proprietary