Ensure the default user is not used


Ensures that Redshift clusters do not have any users with the username "awsuser". Redshift clusters are created with the default username "awsuser" unless a custom username is provided.


Using the default username makes it more likely that scraping software will guess the master username. With a custom username, an attacker must obtain both a username and a password, which hinders a brute-force attack on the password alone. This offers more security for the master account.
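The check described above, applied to the Clusters list returned by the Redshift DescribeClusters API. This is an added example, not the page's own rule code: the sample response is constructed, and the trimming, case-folding and the "unknown" status for a missing username are choices made for this example.

```javascript
// Added example: audit DescribeClusters-shaped records for the default master user.
const DEFAULT_USER = "awsuser";

// Constructed sample shaped like an `aws redshift describe-clusters` response.
const sampleResponse = {
  Clusters: [
    { ClusterIdentifier: "analytics-prod", MasterUsername: "dw_admin_7f3" },
    { ClusterIdentifier: "reporting-dev", MasterUsername: "awsuser" },
    { ClusterIdentifier: "legacy-etl", MasterUsername: " AWSUser " },
    { ClusterIdentifier: "half-described" } // MasterUsername missing
  ]
};

// Classify one cluster record as "pass", "fail" or "unknown".
function checkCluster(cluster) {
  const id = (cluster && cluster.ClusterIdentifier) || "(no identifier)";
  const raw = cluster ? cluster.MasterUsername : undefined;
  if (typeof raw !== "string" || raw.trim() === "") {
    // No usable username: report it instead of letting the rule pass silently.
    return { id, status: "unknown", reason: "MasterUsername missing" };
  }
  // Assumption of this example: compare trimmed and case-folded values.
  const name = raw.trim().toLowerCase();
  return name === DEFAULT_USER
    ? { id, status: "fail", reason: `master username is "${DEFAULT_USER}"` }
    : { id, status: "pass", reason: "custom master username" };
}

// Audit a whole response; compliant only when no cluster fails or is unknown.
function auditClusters(response) {
  if (!response || !Array.isArray(response.Clusters)) {
    throw new TypeError("expected an object with a Clusters array");
  }
  const findings = response.Clusters.map(checkCluster).filter(r => r.status !== "pass");
  return { compliant: findings.length === 0, findings };
}

const report = auditClusters(sampleResponse);
for (const f of report.findings) {
  console.log(`${f.status.toUpperCase()} ${f.id}: ${f.reason}`);
}
```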

Applies To

  • Databases


This rule is applied when the following tags are present:

Tag                      With Value
secureclouddb/provider   aws
secureclouddb/service    redshift

Default Rule

/**
 * @param {Object} databaseSettings - database settings object
 * @returns {boolean} true if redshift instance is not using 'awsuser' as master username
 */
function validate(databaseSettings) {
    const defaultUser = "awsuser";
    // Passes only when a Redshift cluster is present and its master username is not the default.
    const success = databaseSettings.awsDatabaseInstance &&
                    databaseSettings.awsDatabaseInstance.redshiftCluster &&
                    databaseSettings.awsDatabaseInstance.redshiftCluster.masterUsername !== defaultUser;

    return {

// invoke