Redshift Not Encrypted

• Query id: 6a647814-def5-4b85-88f5-897c19f509cd
• Query name: Redshift Not Encrypted
• Platform: Ansible
• Severity: High
• Category: Encryption
• URL: Github

Description

AWS Redshift Cluster should be encrypted. Check if 'encrypted' field is false or undefined (default is false)
Documentation

Code samples

Code samples with security vulnerabilities

Postitive test num. 1 - yaml file

- name: Basic cluster provisioning example
  community.aws.redshift:
    identifier: tf-redshift-cluster
    command: create
    db_name: mydb
    username: foo
    password: Mustbe8characters
    node_type: dc1.large
    cluster_type: single-node
- name: Basic cluster provisioning example2
  community.aws.redshift:
    identifier: tf-redshift-cluster
    command: create
    db_name: mydb
    username: foo
    password: Mustbe8characters
    node_type: dc1.large
    cluster_type: single-node
    encrypted: false
- name: Basic cluster provisioning example3
  community.aws.redshift:
    identifier: tf-redshift-cluster
    command: create
    db_name: mydb
    username: foo
    password: Mustbe8characters
    node_type: dc1.large
    cluster_type: single-node
    encrypted: no

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

- name: Basic cluster provisioning example
  community.aws.redshift:
    identifier: tf-redshift-cluster
    command: create
    db_name: mydb
    username: foo
    password: Mustbe8characters
    node_type: dc1.large
    cluster_type: single-node
    encrypted: true
- name: Basic cluster provisioning example2
  community.aws.redshift:
    identifier: tf-redshift-cluster
    command: create
    db_name: mydb
    username: foo
    password: Mustbe8characters
    node_type: dc1.large
    cluster_type: single-node
    encrypted: yes