Redshift Cluster Without VPC
- Query id: 0a494a6a-ebe2-48a0-9d77-cf9d5125e1b3
- Query name: Redshift Cluster Without VPC
- Platform: Terraform
- Severity: Low
- Category: Insecure Configurations
- CWE: 284
- URL: Github
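Description
A Redshift cluster should be deployed inside a VPC (Virtual Private Cloud). In the negative sample below, this is done by setting `cluster_subnet_group_name` and `vpc_security_group_ids` on the `aws_redshift_cluster` resource.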
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
resource "aws_redshift_cluster" "positive1" {
  cluster_identifier = "tf-redshift-cluster"
  database_name      = "mydb"
  master_username    = "foo"
  master_password    = "Mustbe8characters"
  node_type          = "dc1.large"
  cluster_type       = "single-node"
  logging {
    enable      = true
    bucket_name = "nameOfAnExistingS3Bucket"
  }
}
Code samples without security vulnerabilities
Negative test num. 1 - tf file
resource "aws_redshift_cluster" "negative1" {
  cluster_identifier = "tf-redshift-cluster"
  database_name      = "mydb"
  master_username    = "foo"
  master_password    = "Mustbe8characters"
  node_type          = "dc1.large"
  cluster_type       = "single-node"
  logging {
    enable      = true
    bucket_name = "nameOfAnExistingS3Bucket"
  }
  vpc_security_group_ids = [
    aws_security_group.redshift.id
  ]
  cluster_subnet_group_name = aws_redshift_subnet_group.redshift_subnet_group.id
}
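The same condition can be checked in CI against the `configuration` section of `terraform show -json <planfile>` output. The script below is an added example, not this query's own implementation; the function names, the `dw` module and the `nested` resource in the sample are constructed, and treating either missing attribute (or a literal empty value) as a finding is an assumption.

```python
import json

# Attributes the page's negative sample adds to place the cluster in a VPC.
VPC_ATTRS = ("cluster_subnet_group_name", "vpc_security_group_ids")

def _is_set(expr):
    # A reference counts as set; a literal null, "" or [] does not.
    return expr is not None and expr.get("constant_value", True) not in (None, "", [])

def _walk(module, prefix=""):
    """Yield (full address, resource) for a module and its nested module calls."""
    for res in module.get("resources", []):
        yield prefix + res["address"], res
    for name, call in module.get("module_calls", {}).items():
        yield from _walk(call.get("module", {}), f"{prefix}module.{name}.")

def redshift_without_vpc(plan):
    """Map each offending aws_redshift_cluster address to its missing attributes."""
    findings = {}
    root = plan.get("configuration", {}).get("root_module", {})
    for address, res in _walk(root):
        if res.get("mode") != "managed" or res.get("type") != "aws_redshift_cluster":
            continue
        exprs = res.get("expressions", {})
        missing = [a for a in VPC_ATTRS if not _is_set(exprs.get(a))]
        if missing:
            findings[address] = missing
    return findings

# Constructed sample: trimmed "configuration" section of a plan JSON document.
SAMPLE_PLAN = json.loads("""
{"configuration": {"root_module": {
  "resources": [
    {"address": "aws_redshift_cluster.positive1", "mode": "managed",
     "type": "aws_redshift_cluster",
     "expressions": {"cluster_identifier": {"constant_value": "tf-redshift-cluster"}}},
    {"address": "aws_redshift_cluster.negative1", "mode": "managed",
     "type": "aws_redshift_cluster", "expressions": {
       "vpc_security_group_ids": {"references": ["aws_security_group.redshift.id"]},
       "cluster_subnet_group_name": {"references": ["aws_redshift_subnet_group.redshift_subnet_group.id"]}}}],
  "module_calls": {"dw": {"module": {"resources": [
    {"address": "aws_redshift_cluster.nested", "mode": "managed",
     "type": "aws_redshift_cluster", "expressions": {
       "cluster_subnet_group_name": {"constant_value": "dw-subnets"},
       "vpc_security_group_ids": {"constant_value": []}}}]}}}
}}}
""")

print(redshift_without_vpc(SAMPLE_PLAN))
```

Reading the `configuration` section rather than planned values avoids mistaking a provider-computed default for a value the author actually set.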