
Ensure cluster is private


Ensures that the Redshift cluster is marked as private


Restricting access to a Redshift cluster to clients inside its Virtual Private Cloud (VPC) decreases the cluster's attack surface. Private instances allow for greater control over access to, and visibility of, the service. Keeping the cluster private ensures that Redshift is isolated from attackers outside the private network it is associated with.

More information about VPCs can be found at

Applies To

  • Databases


This rule is applied when the following tags are present:

Tag                       With Value
secureclouddb/provider    aws
secureclouddb/service     redshift

Default Rule

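/**
 * @param {Object} databaseSettings - database settings object
 * @returns {Object} result whose success flag is true if cluster is not publicly accessible
 */
function validate(databaseSettings) {
    // The final condition is cut off on this page; `publiclyAccessible` is an
    // assumed field name mirroring the AWS API's PubliclyAccessible attribute.
    const success = Boolean(databaseSettings.awsDatabaseInstance &&
                    databaseSettings.awsDatabaseInstance.redshiftCluster &&
                    databaseSettings.awsDatabaseInstance.redshiftCluster.publiclyAccessible === false);

    // The fields of the returned object are also cut off; only the flag is returned here.
    return {
        success
    };
}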
// invoke
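
An added example (not the product's own code) that applies the rule to a constructed inventory: it first checks the two tags that make the rule applicable, then fails closed when the public-access flag is absent. The entry shape (`id`, `tags`, `settings`) and the `publiclyAccessible` field name are assumptions.

```javascript
// Tags that make the rule apply, taken from the table on this page.
const REQUIRED_TAGS = {
  'secureclouddb/provider': 'aws',
  'secureclouddb/service': 'redshift',
};

// The rule applies only when every required tag is present with its value.
function ruleApplies(tags) {
  return Object.entries(REQUIRED_TAGS)
    .every(([key, value]) => Boolean(tags) && tags[key] === value);
}

// Evaluate one inventory entry. The entry shape (id, tags, settings) and the
// publiclyAccessible field are assumptions made for this example.
function evaluate(resource) {
  if (!ruleApplies(resource.tags)) {
    return { id: resource.id, status: 'not_applicable' };
  }
  const instance = resource.settings && resource.settings.awsDatabaseInstance;
  const cluster = instance && instance.redshiftCluster;
  // Fail closed: only an explicit `false` passes. A missing cluster object or
  // a missing flag is reported as a failure rather than assumed private.
  const isPrivate = Boolean(cluster) && cluster.publiclyAccessible === false;
  return { id: resource.id, status: isPrivate ? 'pass' : 'fail' };
}

// Constructed sample inventory (not real resources).
const SAMPLE_INVENTORY = [
  { id: 'analytics-private', tags: { ...REQUIRED_TAGS },
    settings: { awsDatabaseInstance: { redshiftCluster: { publiclyAccessible: false } } } },
  { id: 'reporting-public', tags: { ...REQUIRED_TAGS },
    settings: { awsDatabaseInstance: { redshiftCluster: { publiclyAccessible: true } } } },
  { id: 'flag-missing', tags: { ...REQUIRED_TAGS },
    settings: { awsDatabaseInstance: { redshiftCluster: {} } } },
  { id: 'other-service',
    tags: { 'secureclouddb/provider': 'aws', 'secureclouddb/service': 'rds' },
    settings: { awsDatabaseInstance: {} } },
];

// Map each entry id to its status so results can be checked or reported.
function auditInventory(inventory) {
  return Object.fromEntries(
    inventory.map((r) => evaluate(r)).map((r) => [r.id, r.status]));
}

console.log(auditInventory(SAMPLE_INVENTORY));
```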