AWS-Redshift-Redshift-Cluster-Default-Port

Severity: Low

Description: The control checks the endpoint port of a Redshift cluster and ensures that the cluster is not using the default port. When applications are configured to listen on non-default ports, attackers and malicious users must first run network scans to discover the service; this can delay the actual attack attempt or payload, increases the probability that the activity is detected as a network anomaly, and gives administrators an opportunity to take compensating actions such as blocking the malicious users or IPs.

Remediation Steps:

Perform the following to configure the listening port for Redshift:

  1. Login to the AWS Management Console at https://console.aws.amazon.com.

  2. Navigate to Redshift console.

  3. Step 1: Create a snapshot

    1. In the navigation pane, choose CLUSTERS, Snapshots, then select the Snapshot schedules tab. The snapshot schedules are displayed.

    2. Choose Add schedule to display the page to add a schedule.

    3. Enter the properties of the schedule definition, then choose Add schedule.

    4. On the page that appears, you can attach clusters to your new snapshot schedule, then choose OK.

  4. Step 2: Restore the cluster from the snapshot

    1. In the navigation menu, choose CLUSTERS, Snapshots, then choose the snapshot to restore.

    2. Choose Restore from snapshot to view the Cluster configuration and Cluster details values of the new cluster to be created using the snapshot information.

    3. Under Database port, enter a value other than the default port.

    4. Update the properties of the new cluster, then choose Restore cluster from snapshot.

Important:

  • AWS does not allow the port value to be modified once a cluster is created; you need to create a snapshot of the most recent state and restore it.

  • While restoring the cluster from the snapshot, do not forget to verify the networking settings.

  • The Redshift default endpoint port is 5439.

  • Changing the cluster port introduces downtime.

  • Changing the cluster port will break communication between the cluster and dependent applications; configured connection strings will require modification.

  • Security groups associated with the cluster will need an update to allow inbound traffic to the cluster.

  • Security groups or firewalls associated with applications communicating with the database may need an update to allow inbound traffic to the cluster.
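The following is an added example, not part of the Blue Hexagon control text, showing how the check in the Description and the security-group caveat above can be evaluated together in code. It works on records shaped like the AWS DescribeClusters (Redshift) and DescribeSecurityGroups (EC2) responses; the cluster and security-group records below are constructed samples, and the boto3 calls that would fetch real ones (redshift describe_clusters, ec2 describe_security_groups) are left out so the script runs offline.

```python
"""Evaluate Redshift clusters against the default-port control and verify
that each cluster's VPC security groups actually admit the port it listens on.

Added example; input records are constructed, not real AWS resources."""

REDSHIFT_DEFAULT_PORT = 5439  # default endpoint port stated in the control text


def uses_default_port(cluster: dict) -> bool:
    """True when the cluster endpoint listens on the Redshift default port."""
    return cluster["Endpoint"]["Port"] == REDSHIFT_DEFAULT_PORT


def sg_allows_port(security_group: dict, port: int) -> bool:
    """True when any inbound rule of an EC2 security group covers `port`.

    Rule shape follows DescribeSecurityGroups: IpPermissions[] with
    IpProtocol, FromPort and ToPort; IpProtocol "-1" means all traffic."""
    for perm in security_group.get("IpPermissions", []):
        if perm.get("IpProtocol") == "-1":
            return True
        if perm.get("IpProtocol") != "tcp":
            continue
        if perm.get("FromPort", -1) <= port <= perm.get("ToPort", -1):
            return True
    return False


def evaluate(clusters: list, security_groups: dict) -> list:
    """Return one finding per cluster.

    `security_groups` maps GroupId -> security group description.
    `sg_missing_port` lists the cluster's security groups whose inbound rules
    do not cover the cluster port (the caveat after a port change)."""
    findings = []
    for cluster in clusters:
        port = cluster["Endpoint"]["Port"]
        sg_ids = [g["VpcSecurityGroupId"] for g in cluster.get("VpcSecurityGroups", [])]
        missing = [gid for gid in sg_ids if not sg_allows_port(security_groups[gid], port)]
        findings.append(
            {
                "cluster": cluster["ClusterIdentifier"],
                "port": port,
                "default_port": uses_default_port(cluster),
                "sg_missing_port": missing,
            }
        )
    return findings


# Constructed sample data (hypothetical identifiers, not real resources).
SAMPLE_CLUSTERS = [
    {   # still on the default port: fails the control
        "ClusterIdentifier": "analytics-prod",
        "Endpoint": {"Address": "analytics-prod.example.invalid", "Port": 5439},
        "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0aaa", "Status": "active"}],
    },
    {   # restored from snapshot on a non-default port, but its SG still only opens 5439
        "ClusterIdentifier": "analytics-restored",
        "Endpoint": {"Address": "analytics-restored.example.invalid", "Port": 5440},
        "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0bbb", "Status": "active"}],
    },
]

SAMPLE_SECURITY_GROUPS = {
    "sg-0aaa": {
        "GroupId": "sg-0aaa",
        "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 5439, "ToPort": 5439}],
    },
    "sg-0bbb": {
        "GroupId": "sg-0bbb",
        "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 5439, "ToPort": 5439}],
    },
}


if __name__ == "__main__":
    for finding in evaluate(SAMPLE_CLUSTERS, SAMPLE_SECURITY_GROUPS):
        status = "FAIL" if finding["default_port"] else "PASS"
        print(f"{finding['cluster']}: port {finding['port']} -> {status}; "
              f"security groups not admitting the port: {finding['sg_missing_port']}")
```

Run as-is, the second cluster passes the port check but is reported with a security group that does not admit port 5440, which is exactly the post-restore gap the notes above warn about; fixing the security group rule makes `sg_missing_port` empty.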

Reference:

Blue Hexagon Proprietary