Redshift Not Encrypted

  • Query id: 6a647814-def5-4b85-88f5-897c19f509cd
  • Query name: Redshift Not Encrypted
  • Platform: Ansible
  • Severity: High
  • Category: Encryption
  • URL: Github

Description

AWS Redshift clusters should be encrypted. The query checks whether the 'encrypted' field is false or undefined (the default is false).

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
- name: Basic cluster provisioning example
  community.aws.redshift:
    identifier: tf-redshift-cluster
    command: create
    db_name: mydb
    username: foo
    password: Mustbe8characters
    node_type: dc1.large
    cluster_type: single-node
- name: Basic cluster provisioning example2
  community.aws.redshift:
    identifier: tf-redshift-cluster
    command: create
    db_name: mydb
    username: foo
    password: Mustbe8characters
    node_type: dc1.large
    cluster_type: single-node
    encrypted: false
- name: Basic cluster provisioning example3
  community.aws.redshift:
    identifier: tf-redshift-cluster
    command: create
    db_name: mydb
    username: foo
    password: Mustbe8characters
    node_type: dc1.large
    cluster_type: single-node
    encrypted: no

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: Basic cluster provisioning example
  community.aws.redshift:
    identifier: tf-redshift-cluster
    command: create
    db_name: mydb
    username: foo
    password: Mustbe8characters
    node_type: dc1.large
    cluster_type: single-node
    encrypted: true
- name: Basic cluster provisioning example2
  community.aws.redshift:
    identifier: tf-redshift-cluster
    command: create
    db_name: mydb
    username: foo
    password: Mustbe8characters
    node_type: dc1.large
    cluster_type: single-node
    encrypted: yes
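
The check described above (flag a task when 'encrypted' is false or undefined), as an added Python example that is not KICS's own query code. It assumes tasks have already been parsed into dicts; the short module name `redshift`, the sample tasks and the 'unknown' result for templated values are assumptions of this example.

```python
# Added example: static check over already-parsed Ansible tasks (plain dicts).
# Module names and sample tasks below are constructed for illustration.

REDSHIFT_MODULES = {"community.aws.redshift", "redshift"}  # short name is an assumption

# String forms Ansible accepts for boolean module parameters.
TRUTHY = {"y", "yes", "on", "1", "true", "t"}
FALSY = {"n", "no", "off", "0", "false", "f"}


def encryption_state(value):
    """Return 'on', 'off' or 'unknown' for one 'encrypted' value."""
    if value is None:                 # key missing: module default is false
        return "off"
    if isinstance(value, bool):       # YAML 1.1 loaders turn yes/no into bools
        return "on" if value else "off"
    text = str(value).strip().lower()
    if text in TRUTHY:
        return "on"
    if text in FALSY:
        return "off"
    return "unknown"                  # e.g. a Jinja2 expression, needs review


def find_unencrypted(tasks):
    """Yield (task name, state) for Redshift tasks not provably encrypted."""
    for task in tasks:
        for module in task.keys() & REDSHIFT_MODULES:
            args = task[module] or {}
            if not isinstance(args, dict):   # free-form args are out of scope here
                continue
            state = encryption_state(args.get("encrypted"))
            if state != "on":
                yield task.get("name", "<unnamed>"), state


SAMPLE_TASKS = [  # constructed, mirrors the samples on this page
    {"name": "undefined", "community.aws.redshift": {"command": "create"}},
    {"name": "explicit false", "community.aws.redshift": {"encrypted": False}},
    {"name": "quoted no", "community.aws.redshift": {"encrypted": "no"}},
    {"name": "templated", "community.aws.redshift": {"encrypted": "{{ enc }}"}},
    {"name": "encrypted", "community.aws.redshift": {"encrypted": True}},
    {"name": "other module", "ansible.builtin.debug": {"msg": "hi"}},
]

if __name__ == "__main__":
    for name, state in find_unencrypted(SAMPLE_TASKS):
        print(f"{name}: encryption {state}")
```

A value reported as 'unknown' cannot be decided statically and should be resolved against the variable that feeds it.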