Redshift Not Encrypted
- Query id: cfdcabb0-fc06-427c-865b-c59f13e898ce
- Query name: Redshift Not Encrypted
- Platform: Terraform
- Severity: High
- Category: Encryption
- CWE: 311
- URL: Github
Description¶
AWS Redshift Cluster should be encrypted. Check if 'encrypted' field is false or undefined (default is false)
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "aws_redshift_cluster" "positive1" {
cluster_identifier = "tf-redshift-cluster"
database_name = "mydb"
master_username = "foo"
master_password = "Mustbe8characters"
node_type = "dc1.large"
cluster_type = "single-node"
}
resource "aws_redshift_cluster" "positive2" {
cluster_identifier = "tf-redshift-cluster"
database_name = "mydb"
master_username = "foo"
master_password = "Mustbe8characters"
node_type = "dc1.large"
cluster_type = "single-node"
encrypted = false
}