AWS-Redshift-Redshift-Cluster-Default-Master-Username

Owned by naveen
Last updated: Nov 30, 2021
1 min read

Severity: Medium

Description: The control checks for common usernames for Redshift Clusters as specified in the specification and ensure a cluster is not using them. The use of default usernames and passwords are common weak points in any system. The master user of the Redshift is granted with certain privileges when creating the Cluster, and it is not recommended to use the master user for any purpose. A unique username should be specified for the master user, protected with a strong password to minimize the chances of security breaches.

Remediation Steps:

Perform following to change the master username for Redshift :

  1. Step 1: Backup Redshift configuration using AWS cli

    1. opy output of the command : 

      aws redshift describe-clusters --cluster-identifier [your-cluster-name] --region [region-name]

    2. Use Unload Copy Utility from awslabs or any other tool of your choice to backup data from old Redshift to S3 bucket, also to load data from s3 bucket to new Redshift Cluster.

  2. Step 2 : Create a new Redshift cluster with a similar configuration

    1. Login to the AWS Management Console at https://console.aws.amazon.com.

    2. Navigate to Redshift console.

    3. In the navigation pane, choose CLUSTERS, then choose Create cluster. The Create cluster page appears.

    4. Choose node type . For Nodes, choose .

    5. In the Cluster details section, specify values for Cluster identifier, Database port, and Master user password. 

    6. Enter a unique Master user name

    7. Choose Create cluster.

    8. Use the Same Unload Copy Utility to load data from s3 to your Redshift cluster.

Important:

  • Avoid common master usernames like admin, awsuser, administrator, root, adminuser, master.

  • AWS doesn't allow to modify master user once a cluster is created.

Reference:

  • AWS best practices

Blue Hexagon Proprietary