Redshift Cluster Logging Disabled
- Query id: 15ffbacc-fa42-4f6f-a57d-2feac7365caa
- Query name: Redshift Cluster Logging Disabled
- Platform: Terraform
- Severity: Medium
- Category: Observability
- CWE: 778
- URL: Github
Description¶
Make sure Logging is enabled for Redshift Cluster
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "aws_redshift_cluster" "positive1" {
cluster_identifier = "tf-redshift-cluster"
database_name = "mydb"
master_username = "foo"
master_password = "Mustbe8characters"
node_type = "dc1.large"
cluster_type = "single-node"
logging {
enable = false
}
}
resource "aws_redshift_cluster" "positive2" {
cluster_identifier = "tf-redshift-cluster"
database_name = "mydb"
master_username = "foo"
master_password = "Mustbe8characters"
node_type = "dc1.large"
cluster_type = "single-node"
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "aws_redshift_cluster" "negative1" {
cluster_identifier = "tf-redshift-cluster"
database_name = "mydb"
master_username = "foo"
master_password = "Mustbe8characters"
node_type = "dc1.large"
cluster_type = "single-node"
logging {
enable = true
bucket_name = "nameOfAnExistingS3Bucket"
}
}