Redshift Publicly Accessible
- Query id: 5c6b727b-1382-4629-8ba9-abd1365e5610
- Query name: Redshift Publicly Accessible
- Platform: Ansible
- Severity: High
- Category: Insecure Configurations
- CWE: 284
- URL: Github
Description¶
AWS Redshift Clusters must not be publicly accessible. Check if 'publicly_accessible' field is true (default is false)
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
---
- name: Basic cluster provisioning example04
community.aws.redshift:
command: create
node_type: ds1.xlarge
identifier: new_cluster
username: cluster_admin
password: 1nsecur3
publicly_accessible: yes
- name: Basic cluster provisioning example05
community.aws.redshift:
command: create
node_type: ds1.xlarge
identifier: new_cluster
username: cluster_admin
password: 1nsecur3
publicly_accessible: True
- name: Basic cluster provisioning example06
redshift:
command: create
node_type: ds1.xlarge
identifier: new_cluster
username: cluster_admin
password: 1nsecur3
publicly_accessible: Yes
Code samples without security vulnerabilities¶
Negative test num. 1 - yaml file
- name: Basic cluster provisioning example01
community.aws.redshift:
command: create
node_type: ds1.xlarge
identifier: new_cluster
username: cluster_admin
password: 1nsecur3
publicly_accessible: no
- name: Basic cluster provisioning example02
community.aws.redshift:
command: create
node_type: ds1.xlarge
identifier: new_cluster
username: cluster_admin
password: 1nsecur3
- name: Basic cluster provisioning example03
redshift:
command: create
node_type: ds1.xlarge
identifier: new_cluster
username: cluster_admin
password: 1nsecur3
publicly_accessible: false