AWS-Redshift-Redshift-Cluster-CMK-Encryption

Severity: High

Description: This control ensures that the Redshift cluster is encrypted with a KMS customer managed key (CMK). A self-defined customer managed key gives full control over the use of and access to the key. These keys can protect system metadata and automated or manual snapshots.

Remediation Steps:

Perform the following steps to modify database encryption on a Redshift cluster:

  1. Login to the AWS Management Console at https://console.aws.amazon.com.

  2. Navigate to Redshift console.

  3. In the navigation pane, select Cluster.

  4. Choose the Redshift cluster that you want to modify, then click its identifier link listed in the Cluster column.

  5. On the selected cluster configuration tab, click the Properties tab.

  6. Under Database configurations, click Edit and select Edit encryption, choose the Use AWS KMS option and select the desired KMS key ID.

  7. Click Save Changes to apply.
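The condition this control checks can also be evaluated from API output, which is useful for confirming the change after the steps above. The following is an added example, not part of the original rule or the vendor's own check logic: it applies the control to constructed records shaped like the Redshift DescribeClusters response (ClusterIdentifier, Encrypted, KmsKeyId) and the KMS DescribeKey KeyManager field. The cluster names, ARNs and the key_manager_of helper are assumptions.

```python
# Added example: evaluates the control against constructed API responses.
# Field names follow the Redshift DescribeClusters and KMS DescribeKey
# response shapes; every identifier and ARN below is constructed.

SAMPLE_CLUSTERS = [  # shape of redshift.describe_clusters()["Clusters"]
    {"ClusterIdentifier": "analytics-prod", "Encrypted": True,
     "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/aaaa-cmk"},
    {"ClusterIdentifier": "reporting", "Encrypted": True,
     "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/bbbb-aws"},
    {"ClusterIdentifier": "scratch", "Encrypted": False},
    {"ClusterIdentifier": "shared", "Encrypted": True,
     "KmsKeyId": "arn:aws:kms:us-east-1:444455556666:key/cccc-ext"},
]

# KeyMetadata.KeyManager per key, as kms.describe_key() would report it.
SAMPLE_KEY_MANAGERS = {
    "arn:aws:kms:us-east-1:111122223333:key/aaaa-cmk": "CUSTOMER",
    "arn:aws:kms:us-east-1:111122223333:key/bbbb-aws": "AWS",
}


def evaluate_cluster(cluster, key_manager_of):
    """Return (status, reason) for one cluster record.

    key_manager_of(key_id) is a hypothetical helper: it returns "CUSTOMER"
    or "AWS", and raises KeyError when the key cannot be described.
    """
    name = cluster["ClusterIdentifier"]
    if not cluster.get("Encrypted"):
        return "FAIL", f"{name}: encryption at rest is disabled"
    key_id = cluster.get("KmsKeyId")
    if not key_id:
        return "FAIL", f"{name}: encrypted, but no KMS key is reported"
    try:
        manager = key_manager_of(key_id)
    except KeyError:
        # Key in another account or no permission: do not assume a pass.
        return "UNKNOWN", f"{name}: cannot describe key {key_id}"
    if manager != "CUSTOMER":
        return "FAIL", f"{name}: key is {manager} managed, not a CMK"
    return "PASS", f"{name}: encrypted with a customer managed key"


def evaluate_all(clusters, key_manager_of):
    """Map each cluster identifier to its PASS/FAIL/UNKNOWN status."""
    return {c["ClusterIdentifier"]: evaluate_cluster(c, key_manager_of)[0]
            for c in clusters}


if __name__ == "__main__":
    for c in SAMPLE_CLUSTERS:
        print(*evaluate_cluster(c, SAMPLE_KEY_MANAGERS.__getitem__))
```

Against a live account, key_manager_of would wrap a KMS DescribeKey call and translate its access or not-found errors into KeyError, so a key that cannot be inspected is reported as UNKNOWN and not as a pass.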

Important:

Reference:

Blue Hexagon Proprietary