Ensure cluster is private

Description

Ensures that the Redshift cluster is marked as private

Rationale

Restricting access to a Redshift cluster to clients inside its Virtual Private Cloud (VPC) decreases its attack surface. A private cluster gives greater control over who can reach the service and who can see it, and keeps Redshift isolated from attackers outside the private network it is attached to.

More information about VPCs can be found at https://aws.amazon.com/vpc/.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag                     With Value
secureclouddb/provider  aws
secureclouddb/service   redshift

Default Rule

/**
 * @param {Object} databaseSettings - database settings object
 * @returns {{success: boolean}} result object; success is true when the Redshift cluster is not publicly accessible
 */
function validate(databaseSettings) {
    // Coerce to a boolean: without this, a record with no awsDatabaseInstance or
    // no redshiftCluster would yield undefined rather than false.
    const success = Boolean(
        databaseSettings.awsDatabaseInstance &&
        databaseSettings.awsDatabaseInstance.redshiftCluster &&
        !databaseSettings.awsDatabaseInstance.redshiftCluster.publiclyAccessible
    );

    return {
        success,
    }
}

// invoke
validate(databaseSettings);
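The following is an added example, not SecureCloudDB's own rule code, showing how the check above behaves when run over several records, including the edge cases the one-line rule glosses over: a record with no Redshift cluster data and a cluster object that lacks the publiclyAccessible flag entirely. The field path awsDatabaseInstance.redshiftCluster.publiclyAccessible is taken from the rule above; the record ids, the sample records and the findings shape (success plus a reason string) are assumptions made for this example.

```javascript
// Added example (not SecureCloudDB's code): evaluate the "cluster is private"
// rule over several constructed databaseSettings records and collect findings.
// Assumed: record ids and the {success, reason} findings shape.

function isPrivateRedshiftCluster(databaseSettings) {
  // Optional chaining avoids a TypeError when the instance or cluster is absent.
  const cluster = databaseSettings?.awsDatabaseInstance?.redshiftCluster;

  // Design choice for this example: a record with no Redshift cluster data
  // is reported as a failure with a reason, rather than as an undefined result,
  // so that missing inventory data is visible instead of silently ignored.
  if (!cluster) {
    return { success: false, reason: 'no redshiftCluster data in record' };
  }

  // Compare explicitly against true so that a missing flag does not become
  // an accidental "truthy" value; a missing flag is treated as not public,
  // matching the original rule's negation.
  const publiclyAccessible = cluster.publiclyAccessible === true;
  return {
    success: !publiclyAccessible,
    reason: publiclyAccessible ? 'cluster is publicly accessible' : 'cluster is private',
  };
}

function evaluateClusters(records) {
  return records.map((record) => ({
    id: record.id,
    ...isPrivateRedshiftCluster(record.databaseSettings),
  }));
}

// Constructed sample records (not real AWS inventory data).
const sampleRecords = [
  { id: 'cluster-a', databaseSettings: { awsDatabaseInstance: { redshiftCluster: { publiclyAccessible: false } } } },
  { id: 'cluster-b', databaseSettings: { awsDatabaseInstance: { redshiftCluster: { publiclyAccessible: true } } } },
  { id: 'cluster-c', databaseSettings: { awsDatabaseInstance: {} } },
  { id: 'cluster-d', databaseSettings: {} },
];

const findings = evaluateClusters(sampleRecords);
for (const f of findings) {
  console.log(`${f.id}: ${f.success ? 'PASS' : 'FAIL'} (${f.reason})`);
}
```

Only cluster-a passes; cluster-b fails because it is publicly accessible, and cluster-c and cluster-d fail because no cluster data is present, which the reason field makes distinguishable from a genuinely public cluster when triaging findings.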