Redshift clusters should be encrypted at rest
- GG_ID: GG_IAC_0064
- Severity: HIGH
- Complexity: LOW
- Categories: DATA, PERMISSION
- Providers: AWS
- Potential data exposure: True
- Visible in logs: False
- User interaction required: False
- Privileges required: True
# Description
AWS Redshift is a fully managed data warehousing solution from Amazon Web Services. It is capable of processing structured and unstructured data in the range of thousands of petabytes.
The database should always be encrypted at rest to protect the data if access is compromised.
# Impact
Not encrypting data at rest could lead to a data leak in case of an attack.
# Remediation guidelines
Enable encryption for Redshift clusters, providing a customer managed key (CMK). See https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-mgmt for more details on CMK.
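The remediation expressed as infrastructure code, with the non-compliant cluster beside the corrected one. This is an added example, not part of the original policy page; it assumes Terraform with the AWS provider, and every resource name, identifier and node type in it is a placeholder.

```hcl
# Added example: names, identifiers and node type are assumed placeholders.

variable "redshift_master_password" {
  type      = string
  sensitive = true
}

# Non-compliant: encryption at rest is explicitly disabled, so cluster
# storage and snapshots are written unencrypted.
resource "aws_redshift_cluster" "unencrypted" {
  cluster_identifier = "example-warehouse"
  node_type          = "ra3.xlplus"
  master_username    = "exampleadmin"
  master_password    = var.redshift_master_password

  encrypted = false
}

# Customer managed key (CMK) dedicated to the cluster, with automatic
# rotation enabled and a deletion window to guard against accidental loss.
resource "aws_kms_key" "redshift" {
  description             = "CMK for Redshift encryption at rest"
  enable_key_rotation     = true
  deletion_window_in_days = 30
}

# Compliant: encryption at rest is enabled and bound to the CMK above.
# kms_key_id takes the key ARN and only applies when encrypted is true.
resource "aws_redshift_cluster" "encrypted" {
  cluster_identifier = "example-warehouse-encrypted"
  node_type          = "ra3.xlplus"
  master_username    = "exampleadmin"
  master_password    = var.redshift_master_password

  encrypted  = true
  kms_key_id = aws_kms_key.redshift.arn
}
```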