Description

This policy identifies AWS Redshift Clusters that do not have encryption at rest enabled.

Rationale

Encryption at rest is a fundamental security control that ensures only authorized users with the appropriate AWS KMS permissions can access cluster data. It protects sensitive information by making it unreadable in the event that physical storage media is compromised.

Audit

This policy flags an Amazon Redshift Cluster as INCOMPLIANT if Encryption is not set to Enabled.
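
The check described above, as an added example that is not the policy's own implementation: it evaluates JSON shaped like `aws redshift describe-clusters` output and fails closed when the `Encrypted` field is absent or not a boolean. The `COMPLIANT` label, the function names and the sample cluster records are assumptions of this example.

```python
import json

# Constructed sample shaped like `aws redshift describe-clusters` output
# (cluster names and the key ARN are made up for this example).
SAMPLE_DESCRIBE_CLUSTERS = json.dumps({
    "Clusters": [
        {"ClusterIdentifier": "analytics-prod", "Encrypted": True,
         "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
        {"ClusterIdentifier": "analytics-dev", "Encrypted": False},
        {"ClusterIdentifier": "legacy-import"},  # field missing entirely
    ]
})


def evaluate_cluster(cluster):
    """Return a finding dict for one cluster record.

    Fails closed: only a literal boolean True counts as encrypted, so a
    missing field or a string such as "false" is reported INCOMPLIANT.
    """
    encrypted = cluster.get("Encrypted") is True
    return {
        "cluster": cluster.get("ClusterIdentifier", "<unknown>"),
        "status": "COMPLIANT" if encrypted else "INCOMPLIANT",
        "kms_key": cluster.get("KmsKeyId") if encrypted else None,
    }


def audit(describe_clusters_json):
    """Evaluate every cluster in a describe-clusters JSON document."""
    doc = json.loads(describe_clusters_json)
    return [evaluate_cluster(c) for c in doc.get("Clusters", [])]


def incompliant_clusters(describe_clusters_json):
    """Return identifiers of clusters the policy would flag."""
    return [f["cluster"] for f in audit(describe_clusters_json)
            if f["status"] == "INCOMPLIANT"]


if __name__ == "__main__":
    for finding in audit(SAMPLE_DESCRIBE_CLUSTERS):
        print(f'{finding["cluster"]}: {finding["status"]}')
```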