Redshift Cluster Without VPC

• Query id: 0a494a6a-ebe2-48a0-9d77-cf9d5125e1b3
• Query name: Redshift Cluster Without VPC
• Platform: Terraform
• Severity: Low
• Category: Insecure Configurations
• CWE: 284
• URL: Github

Description

Redshift Cluster should be configured in VPC (Virtual Private Cloud)
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file

resource "aws_redshift_cluster" "positive1" {
  cluster_identifier = "tf-redshift-cluster"
  database_name      = "mydb"
  master_username    = "foo"
  master_password    = "Mustbe8characters"
  node_type          = "dc1.large"
  cluster_type       = "single-node"
  logging {
      enable = true
      bucket_name = "nameOfAnExistingS3Bucket"
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file

resource "aws_redshift_cluster" "negative1" {
  cluster_identifier = "tf-redshift-cluster"
  database_name      = "mydb"
  master_username    = "foo"
  master_password    = "Mustbe8characters"
  node_type          = "dc1.large"
  cluster_type       = "single-node"
  logging {
      enable = true
      bucket_name = "nameOfAnExistingS3Bucket"
  }
  vpc_security_group_ids = [
    aws_security_group.redshift.id
  ]
  cluster_subnet_group_name = aws_redshift_subnet_group.redshift_subnet_group.id
}