Redshift clusters should be encrypted

이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Description

Ensure that AWS RedShift clusters are encrypted.

Rationale

Encrypting Redshift clusters protects your sensitive data from unauthorized access.

Remediation

From the console

Follow the Changing cluster encryption docs to ensure your clusters are encrypted.

From the command line

  1. Run describe-clusters with your cluster identifier.

     aws redshift describe-clusters \
         --cluster-identifier cluster-name
    
  2. Run create-cluster using the configuration details returned in step 1 along with the encrypted flag.

     aws redshift create-cluster \
         --cluster-identifier cluster-name \
         --encrypted
    
  3. Run describe-cluster with a query filter to expose the new endpoint address.

     aws redshift describe-clusters \
         --cluster-identifier cluster-name \
         --query 'Clusters[*].Endpoint.Address'
    
  4. Use the cluster endpoint URL with the Amazon Redshift Unload/Copy tool.

  5. Update your encrypted Redshift cluster configuration with the new Redshift cluster endpoint URL.

  6. Once the endpoint is changed, run delete-cluster to remove the old unencrypted cluster.

     aws redshift delete-cluster \
         --cluster-identifier old-cluster \
         --final-cluster-snapshot-identifier old-cluster-finalsnapshot
    
PREVIEWING: safchain/fix-custom-agent