Enable 'require_ssl' Cluster Parameter

Description

Amazon Redshift supports Secure Sockets Layer (SSL) connections to encrypt data in transit, and server certificates that let the client validate the server it connects to.

By default, cluster databases accept a connection whether it uses SSL or not. To configure your cluster to require an SSL connection, set the require_ssl parameter to true in the parameter group that is associated with the cluster.

For further information about AWS Redshift SSL support, refer to the AWS Redshift documentation.

Rationale

Enforce TLS/SSL on your Redshift cluster to keep your data secure in transit by encrypting the connection between the clients and your clusters.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag                       With Value
secureclouddb/provider    aws
secureclouddb/service     redshift

Default Rule

// Redshift helpers taken from the `aws` object
const { isAwsRedshift, getRedshiftClusterParameter } = aws

/**
 * @param {Object} databaseSettings - database settings object
 * @returns {{success: boolean}} success is true only if 'require_ssl' is "true"
 */
function validate(databaseSettings) {
    const parameterName = "require_ssl"
    // param is falsy when this is not a Redshift cluster or the parameter is absent
    const param =
        isAwsRedshift(databaseSettings) &&
        getRedshiftClusterParameter(databaseSettings, parameterName)

    // Coerce to a strict boolean so a missing parameter yields false, not undefined
    const success = Boolean(param) && param.parameterValue === "true"

    return {
        success
    }
}

// invoke
validate(databaseSettings);
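
An added example, not part of the page's rule or the rule engine: the same require_ssl check run directly against constructed responses in the shape of the Redshift DescribeClusters and DescribeClusterParameters API calls. It also fails a cluster whose parameter group holds the right value but is not yet applied (ParameterApplyStatus other than "in-sync"). The function name checkRequireSsl, the cluster identifiers and the "ssl-required" group name are assumptions made for illustration.

```javascript
/**
 * Decide whether SSL is actually enforced on a cluster (hypothetical helper).
 * @param {Object} cluster - one entry of DescribeClusters "Clusters"
 * @param {Object} paramsByGroup - group name -> DescribeClusterParameters "Parameters"
 * @returns {{enforced: boolean, reason: string}}
 */
function checkRequireSsl(cluster, paramsByGroup) {
    const groups = cluster.ClusterParameterGroups || []
    if (groups.length === 0) {
        return { enforced: false, reason: "no parameter group attached" }
    }
    for (const group of groups) {
        const params = paramsByGroup[group.ParameterGroupName] || []
        const param = params.find((p) => p.ParameterName === "require_ssl")
        if (!param) {
            return { enforced: false, reason: "require_ssl not found in " + group.ParameterGroupName }
        }
        // Same strict comparison as the page's rule: only the string "true" passes.
        if (param.ParameterValue !== "true") {
            return { enforced: false, reason: "require_ssl is " + param.ParameterValue }
        }
        // The value is set in the group, but the cluster may not have applied it yet.
        if (group.ParameterApplyStatus !== "in-sync") {
            return { enforced: false, reason: "parameter group is " + group.ParameterApplyStatus }
        }
    }
    return { enforced: true, reason: "require_ssl=true and in-sync" }
}

// Constructed sample data in the shape returned by the Redshift API.
const sampleParams = {
    "default.redshift-1.0": [{ ParameterName: "require_ssl", ParameterValue: "false", Source: "engine-default" }],
    "ssl-required": [{ ParameterName: "require_ssl", ParameterValue: "true", Source: "user" }],
}
const sampleClusters = [
    { ClusterIdentifier: "analytics-default",
      ClusterParameterGroups: [{ ParameterGroupName: "default.redshift-1.0", ParameterApplyStatus: "in-sync" }] },
    { ClusterIdentifier: "analytics-pending",
      ClusterParameterGroups: [{ ParameterGroupName: "ssl-required", ParameterApplyStatus: "pending-reboot" }] },
    { ClusterIdentifier: "analytics-enforced",
      ClusterParameterGroups: [{ ParameterGroupName: "ssl-required", ParameterApplyStatus: "in-sync" }] },
]

for (const c of sampleClusters) {
    const r = checkRequireSsl(c, sampleParams)
    console.log(`${c.ClusterIdentifier}: ${r.enforced ? "PASS" : "FAIL"} (${r.reason})`)
}
```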