
Redshift cluster should use a specific VPC

  • GG_ID: GG_IAC_0068
  • Severity: HIGH
  • Complexity: MEDIUM
  • Categories: PERMISSION
  • Providers: AWS
  • Potential data exposure: True
  • Visible in logs: False
  • User interaction required: False
  • Privileges required: True

Description

AWS Redshift is a fully managed data warehousing solution from Amazon Web Services. It is capable of processing structured and unstructured data in the range of thousands of petabytes.

By default, Redshift clusters are created in the default VPC (classic mode has been deprecated). The default VPC provides both public ingress and public egress to the resources placed inside it.

The cluster should be placed in a user-defined VPC subnet so that access is restricted by default.

Impact

Not defining a subnet can lead to data leakage and unauthorized access.

Remediation guidelines

Move the cluster from the default VPC to a custom VPC. Note that the cluster will have to be re-created, which will incur some downtime.

You can follow the detailed instructions in this AWS migration guide.
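As an added Terraform example (not taken from this page or from AWS documentation), the first resource shows the pattern this rule describes, a cluster with no explicit subnet group, and the remaining resources show the remediated layout; the VPC CIDR, resource names and the "clients live inside the VPC" ingress rule are assumptions.

```hcl
# Flagged: no cluster_subnet_group_name, so the cluster is placed in the
# default VPC; publicly_accessible = true additionally exposes its endpoint.
resource "aws_redshift_cluster" "flagged" {
  cluster_identifier  = "analytics-flagged"
  node_type           = "dc2.large"
  master_username     = "admin"
  master_password     = var.master_password
  publicly_accessible = true
}

variable "master_password" {
  type      = string
  sensitive = true
}

# Remediated: dedicated VPC, private subnets, a Redshift subnet group built
# from them, and a security group admitting only traffic from inside the VPC.
resource "aws_vpc" "analytics" {
  cidr_block = "10.20.0.0/16" # assumed address range
}
resource "aws_subnet" "redshift_private" {
  count      = 2
  vpc_id     = aws_vpc.analytics.id
  cidr_block = cidrsubnet(aws_vpc.analytics.cidr_block, 8, count.index)
}
resource "aws_redshift_subnet_group" "analytics" {
  name       = "analytics-private"
  subnet_ids = aws_subnet.redshift_private[*].id
}
resource "aws_security_group" "redshift" {
  name   = "redshift-ingress"
  vpc_id = aws_vpc.analytics.id
  ingress {
    from_port   = 5439
    to_port     = 5439
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.analytics.cidr_block] # assumed: clients live in this VPC
  }
}
resource "aws_redshift_cluster" "remediated" {
  cluster_identifier        = "analytics"
  node_type                 = "dc2.large"
  master_username           = "admin"
  master_password           = var.master_password
  cluster_subnet_group_name = aws_redshift_subnet_group.analytics.name
  vpc_security_group_ids    = [aws_security_group.redshift.id]
  publicly_accessible       = false
}
```

Only one of the two cluster resources belongs in a real configuration; they sit side by side here so the missing `cluster_subnet_group_name` and the `publicly_accessible` flag can be compared directly.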

External documentation