AWS-Redshift-Redshift-Parameter-Group-SSL-Required

Severity: Low

Description: This control ensures that Redshift clusters are configured to require SSL connection. When communication between client and clusters are not configured to require SSL connections, such connections are vulnerable to eavesdropping and man-in-the-middle (MITM) attacks. A SSL connection communicates in secure environment.

Remediation Steps:

Perform following to update SSL parameter group :

1. Login to the AWS Management Console at https://console.aws.amazon.com.

2. Navigate to Redshift console.

3. In the navigation pane, under CONFIG, select Workload management.

4. Choose the Parameter Groups that you want to modify then under Parameters section click on Edit Parameters button.

5. On the selected parameter group configuration tab, choose the require_ssl parameter and change its current value from false to true.

6. Click Save Changes to apply.

Important:

• For changes to take place cluster reboot is required.

Reference:

• modify-cluster-parameter-group — AWS CLI 1.36.5 Command Reference

• ModifyClusterParameterGroup - Amazon Redshift