Redshift Not Encrypted
- Query id: 6a647814-def5-4b85-88f5-897c19f509cd
- Query name: Redshift Not Encrypted
- Platform: Ansible
- Severity: High
- Category: Encryption
- CWE: 311
- URL: Github
Description
AWS Redshift Cluster should be encrypted. The query checks whether the 'encrypted' field is false or undefined (the default is false).
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
# 'encrypted' is not set, so the default (false) applies
- name: Basic cluster provisioning example
  community.aws.redshift:
    identifier: tf-redshift-cluster
    command: create
    db_name: mydb
    username: foo
    password: Mustbe8characters
    node_type: dc1.large
    cluster_type: single-node
# 'encrypted' is explicitly disabled
- name: Basic cluster provisioning example2
  community.aws.redshift:
    identifier: tf-redshift-cluster
    command: create
    db_name: mydb
    username: foo
    password: Mustbe8characters
    node_type: dc1.large
    cluster_type: single-node
    encrypted: false
# 'no' is the YAML boolean false, so this is also disabled
- name: Basic cluster provisioning example3
  community.aws.redshift:
    identifier: tf-redshift-cluster
    command: create
    db_name: mydb
    username: foo
    password: Mustbe8characters
    node_type: dc1.large
    cluster_type: single-node
    encrypted: no
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
# 'encrypted' is explicitly enabled
- name: Basic cluster provisioning example
  community.aws.redshift:
    identifier: tf-redshift-cluster
    command: create
    db_name: mydb
    username: foo
    password: Mustbe8characters
    node_type: dc1.large
    cluster_type: single-node
    encrypted: true
# 'yes' is the YAML boolean true, so this is also enabled
- name: Basic cluster provisioning example2
  community.aws.redshift:
    identifier: tf-redshift-cluster
    command: create
    db_name: mydb
    username: foo
    password: Mustbe8characters
    node_type: dc1.large
    cluster_type: single-node
    encrypted: yes
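The check in the description (flag a Redshift task whose 'encrypted' field is false or undefined) can be reproduced outside the scanner. The Python sketch below is an added example, not the query's own code: it takes tasks as dicts in the shape `yaml.safe_load()` returns, and it goes one step further than the description by reporting values it cannot decide statically, such as a Jinja2 variable, as "unresolved". The function names, the inclusion of the short module name `redshift`, and the sample tasks are assumptions made for illustration.

```python
# Added example, not the scanner's own query. Tasks are plain dicts, the shape
# yaml.safe_load() returns for an Ansible task list.

# Assumption: the short module name "redshift" is treated like the FQCN.
REDSHIFT_MODULES = {"community.aws.redshift", "redshift"}
# Boolean spellings Ansible accepts for module options.
TRUTHY = {"yes", "true", "on", "1", "y", "t"}
FALSY = {"no", "false", "off", "0", "n", "f"}


def as_bool(value):
    """Map an Ansible-style boolean to True/False; None if it cannot be decided."""
    text = str(value).strip().lower()
    if text in TRUTHY:
        return True
    if text in FALSY:
        return False
    return None  # e.g. a Jinja2 expression resolved only at run time


def find_unencrypted_redshift(tasks):
    """Return (task name, status) for each Redshift task not provably encrypted."""
    findings = []
    for task in tasks:
        for module in task.keys() & REDSHIFT_MODULES:
            args = task[module]
            if not isinstance(args, dict):
                continue  # free-form "key=value" arguments are out of scope here
            if "encrypted" not in args:
                status = "undefined"  # the module default is false
            else:
                state = as_bool(args["encrypted"])
                if state is True:
                    continue
                status = "false" if state is False else "unresolved"
            findings.append((task.get("name"), status))
    return findings


def _task(name, **args):
    base = {"identifier": "example-cluster", "command": "create"}
    return {"name": name, "community.aws.redshift": {**base, **args}}


# Constructed sample input (not from a real playbook).
SAMPLE_TASKS = [
    _task("no encrypted key"),
    _task("encrypted false", encrypted=False),
    _task("encrypted quoted no", encrypted="no"),
    _task("encrypted true", encrypted=True),
    _task("encrypted from variable", encrypted="{{ redshift_encrypted }}"),
    {"name": "unrelated task", "ansible.builtin.debug": {"msg": "hi"}},
]
```
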