Skip to content

Ensure auto-update is enabled

Description

Ensures that Redshift has auto-update enabled. AWS Redshift offers the capability to automatically upgrade and patch your cluster.

Rationale

The use of auto-update ensures that clusters have fewer vulnerabilities as it keeps Redshift up-to-date with the latest bug fixes and security patches. It simplifies cluster management by handling the installation process automatically. Auto-update also reduces the time where the cluster is vulnerable to known and patched attacks, improving the security of the cluster.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag With Value
secureclouddb/provider aws
secureclouddb/service redshift

Default Rule

/**
 * @param {Object} databaseSettings - database settings object
 * @returns {boolean} true if automatic version upgrades are enabled
 */
function validate(databaseSettings) {
    const success = databaseSettings.awsDatabaseInstance &&
                    databaseSettings.awsDatabaseInstance.redshiftCluster &&
                    databaseSettings.awsDatabaseInstance.redshiftCluster.allowVersionUpgrade

    return {
        success,
    }
}

// invoke
validate(databaseSettings);