Redshift clusters should be encrypted at rest

Severity	Exploitability	Providers	Categories
HIGH	HIGH	AWS	DATA, PERMISSION

Description

AWS Redshift is a fully managed, data warehousing solution from Amazon Web Services. It is capable of processing structured and unstructured data in the range of thousands of petabytes.

The database should always be encrypted at rest to protect the data if accesses are compromised.

Impact

Potential data exposure	Visible in logs	User interaction required	Privileges required
True	False	False	True

Not encrypting data at rest could lead to data leak in case of an attack.

Remediation guidelines

Enable encryption for Redshift clusters, providing a customer managed key (CMK). See https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-mgmt for more details on CMK.

References

Redshift database encryption

Redshift clusters should be encrypted at rest

Description

Impact

Remediation guidelines

References

Was this page helpful?

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status

Redshift clusters should be encrypted at rest

Description​

Impact​

Remediation guidelines​

References​

Was this page helpful?

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status

Subscribe to our newsletter

Description

Impact

Remediation guidelines

References