AWS-Redshift-Redshift-Publicly-Accessible

Severity: High

Description: The control ensures that a Redshift cluster is not publicly accessible. When Publicly accessible is set to Yes, a public IP address is assigned to the cluster endpoint, and EC2 instances and devices outside the VPC hosting the cluster can connect to it, subject to the cluster's security group rules. Exposing the database to the public internet increases its attack surface. When Publicly accessible is set to No, the cluster is not assigned a public IP address, and no EC2 instance or device outside the VPC can connect to it through the cluster endpoint.

Remediation Steps:

Perform the following steps to remove public access from a Redshift cluster:

  1. Login to the AWS Management Console at https://console.aws.amazon.com.

  2. Navigate to Redshift console.

  3. In the navigation pane, choose Clusters, then select the desired cluster. The cluster details will be displayed.

  4. Choose Actions, then choose Change publicly accessible setting.

  5. Under Allow instances and devices outside the VPC to connect to your database through the cluster endpoint, choose No and apply the change.

Important:

  • Setting Allow instances and devices outside the VPC to connect to your database through the cluster endpoint to No will break any application that connects to the cluster from outside the VPC, for example from outside the AWS infrastructure. Identify such clients before applying the change.

  • If there is a business need to expose a cluster over public networks, configure the inbound rules of its security groups to allow the cluster port only from trusted public IP addresses, never from 0.0.0.0/0 or ::/0.
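The console procedure above and the security-group caveat can both be checked and remediated programmatically. The script below is an added example written for this page, not part of the original control or of any Blue Hexagon tooling. It assumes the boto3 Redshift client API (describe_clusters returns a Clusters list with PubliclyAccessible, Endpoint and VpcSecurityGroups; modify_cluster accepts PubliclyAccessible=False). To run offline it uses a stub client and constructed security-group data; replace StubRedshiftClient with boto3.client("redshift") and SAMPLE_SECURITY_GROUPS with the output of the EC2 describe_security_groups call in real use.

```python
"""Detect and remediate publicly accessible Amazon Redshift clusters.

Added example, not part of the original control text. Assumes the boto3
Redshift API shapes for describe_clusters() and modify_cluster(). The stub
client and SAMPLE_SECURITY_GROUPS below are constructed data so the script
runs offline.
"""

# Constructed EC2 describe_security_groups-style data (hypothetical IDs).
SAMPLE_SECURITY_GROUPS = {
    "sg-0a1b2c3d": {
        "GroupId": "sg-0a1b2c3d",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 5439, "ToPort": 5439,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        ],
    },
    "sg-4e5f6a7b": {
        "GroupId": "sg-4e5f6a7b",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 5439, "ToPort": 5439,
             "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
        ],
    },
}


class StubRedshiftClient:
    """Offline stand-in for boto3.client("redshift") with constructed clusters."""

    def __init__(self):
        self.clusters = {
            "analytics-prod": {
                "PubliclyAccessible": True,
                "Endpoint": {"Address": "analytics-prod.example.redshift.amazonaws.com", "Port": 5439},
                "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0a1b2c3d", "Status": "active"}],
            },
            "reporting-internal": {
                "PubliclyAccessible": False,
                "Endpoint": {"Address": "reporting-internal.example.redshift.amazonaws.com", "Port": 5439},
                "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-4e5f6a7b", "Status": "active"}],
            },
        }

    def describe_clusters(self, **kwargs):
        return {"Clusters": [dict(ClusterIdentifier=cid, **attrs) for cid, attrs in self.clusters.items()]}

    def modify_cluster(self, ClusterIdentifier, PubliclyAccessible, **kwargs):
        self.clusters[ClusterIdentifier]["PubliclyAccessible"] = PubliclyAccessible
        return {"Cluster": {"ClusterIdentifier": ClusterIdentifier, "PubliclyAccessible": PubliclyAccessible}}


def public_clusters(describe_response):
    """Return identifiers of clusters whose PubliclyAccessible flag is True."""
    return [c["ClusterIdentifier"] for c in describe_response.get("Clusters", []) if c.get("PubliclyAccessible")]


def open_ingress(security_group, port):
    """True if the security group allows inbound traffic on `port` from any IPv4 or IPv6 address."""
    for perm in security_group.get("IpPermissions", []):
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        covers_port = perm.get("IpProtocol") == "-1" or (lo is not None and hi is not None and lo <= port <= hi)
        if not covers_port:
            continue
        if any(r.get("CidrIp") == "0.0.0.0/0" for r in perm.get("IpRanges", [])):
            return True
        if any(r.get("CidrIpv6") == "::/0" for r in perm.get("Ipv6Ranges", [])):
            return True
    return False


def audit(client, security_groups):
    """List public clusters and whether any attached security group exposes the cluster port to the world."""
    findings = []
    for c in client.describe_clusters()["Clusters"]:
        if not c.get("PubliclyAccessible"):
            continue
        port = c["Endpoint"]["Port"]
        world_open = any(open_ingress(security_groups.get(sg["VpcSecurityGroupId"], {}), port)
                         for sg in c.get("VpcSecurityGroups", []))
        findings.append({"cluster": c["ClusterIdentifier"], "world_open": world_open})
    return findings


def remediate(client, cluster_ids):
    """Disable public accessibility on each cluster; returns the identifiers the API reports as changed."""
    changed = []
    for cid in cluster_ids:
        resp = client.modify_cluster(ClusterIdentifier=cid, PubliclyAccessible=False)
        if resp["Cluster"].get("PubliclyAccessible") is False:
            changed.append(cid)
    return changed


if __name__ == "__main__":
    client = StubRedshiftClient()  # in practice: boto3.client("redshift")
    for f in audit(client, SAMPLE_SECURITY_GROUPS):
        print(f"{f['cluster']}: publicly accessible, world-open security group={f['world_open']}")
    print("remediated:", remediate(client, public_clusters(client.describe_clusters())))
```

Run the audit first and review the findings with the application owners before calling remediate, since disabling public access cuts off every client that reaches the cluster from outside the VPC. A cluster that must stay public but whose world_open finding is False already has the security-group restriction the note above asks for.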

Reference:

Blue Hexagon Proprietary