Redshift Publicly Accessible

  • Query id: 5c6b727b-1382-4629-8ba9-abd1365e5610
  • Query name: Redshift Publicly Accessible
  • Platform: Ansible
  • Severity: High
  • Category: Insecure Configurations
  • URL: Github

Description

AWS Redshift Clusters must not be publicly accessible. Check if 'publicly_accessible' field is true (default is false)
Documentation

Code samples

Code samples with security vulnerabilities

Postitive test num. 1 - yaml file
---
- name: Basic cluster provisioning example04
  community.aws.redshift:
    command: create
    node_type: ds1.xlarge
    identifier: new_cluster
    username: cluster_admin
    password: 1nsecur3
    publicly_accessible: yes
- name: Basic cluster provisioning example05
  community.aws.redshift:
    command: create
    node_type: ds1.xlarge
    identifier: new_cluster
    username: cluster_admin
    password: 1nsecur3
    publicly_accessible: True
- name: Basic cluster provisioning example06
  redshift:
    command: create
    node_type: ds1.xlarge
    identifier: new_cluster
    username: cluster_admin
    password: 1nsecur3
    publicly_accessible: Yes

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: Basic cluster provisioning example01
  community.aws.redshift:
    command: create
    node_type: ds1.xlarge
    identifier: new_cluster
    username: cluster_admin
    password: 1nsecur3
    publicly_accessible: no
- name: Basic cluster provisioning example02
  community.aws.redshift:
    command: create
    node_type: ds1.xlarge
    identifier: new_cluster
    username: cluster_admin
    password: 1nsecur3
- name: Basic cluster provisioning example03
  redshift:
    command: create
    node_type: ds1.xlarge
    identifier: new_cluster
    username: cluster_admin
    password: 1nsecur3
    publicly_accessible: false