Remediation
Enforce SSL/TLS Connections for Redshift Clusters
To ensure all client connections use SSL/TLS, update the Redshift cluster parameter group to enable the require_ssl parameter.
Prerequisites
- Verify cluster status is available before making changes
- Plan for a maintenance window as a reboot is required
From Command Line
- Identify the Parameter Group Associated with the Cluster
  Retrieve the name of the parameter group attached to your Redshift cluster:
  aws redshift describe-clusters \
    --cluster-identifier {{cluster-id}} \
    --query "Clusters[0].ClusterParameterGroups[0].ParameterGroupName" \
    --output text
- Update the require_ssl Parameter
  Modify the identified parameter group to enforce SSL/TLS connections:
  aws redshift modify-cluster-parameter-group \
    --parameter-group-name {{parameter-group-name}} \
    --parameters "ParameterName=require_ssl,ParameterValue=true"
- Reboot the Cluster
  Apply the updated parameter group settings by rebooting the cluster:
  aws redshift reboot-cluster \
    --cluster-identifier {{cluster-id}}
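
To confirm the remediation took effect once the reboot completes, the following check is an added example, not part of the original page. It reads the require_ssl value from the cluster's parameter group and the group's apply status on the cluster; the function names and output labels are assumptions of this example, and the default-group branch reflects that AWS default parameter groups cannot be modified.

```sh
#!/bin/sh
# Added example: verify that require_ssl is set AND applied on a cluster.
# Needs the AWS CLI with redshift:DescribeClusters and
# redshift:DescribeClusterParameters permissions.

# Query one field of the cluster's first parameter group entry.
cluster_pg_field() {  # $1 = cluster id, $2 = field name
    aws redshift describe-clusters \
        --cluster-identifier "$1" \
        --query "Clusters[0].ClusterParameterGroups[0].$2" \
        --output text
}

# Read the require_ssl value stored in a parameter group.
require_ssl_value() {  # $1 = parameter group name
    aws redshift describe-cluster-parameters \
        --parameter-group-name "$1" \
        --query "Parameters[?ParameterName=='require_ssl'].ParameterValue" \
        --output text
}

# Prints: enforced | not-applied (<status>) | not-enforced | default-group
# Returns 0 only for "enforced", 1 for a failed check, 2 for a CLI error.
ssl_status() {  # $1 = cluster id
    pg=$(cluster_pg_field "$1" ParameterGroupName) || return 2
    case "$pg" in
        # Default groups are read-only: attach a custom group first.
        default.*) echo "default-group"; return 1 ;;
    esac
    value=$(require_ssl_value "$pg") || return 2
    if [ "$value" != "true" ]; then
        echo "not-enforced"; return 1
    fi
    apply=$(cluster_pg_field "$1" ParameterApplyStatus) || return 2
    if [ "$apply" = "in-sync" ]; then
        echo "enforced"; return 0
    fi
    # The value is set in the group but the cluster has not picked it up,
    # for example "pending-reboot" when the reboot step was skipped.
    echo "not-applied ($apply)"; return 1
}

# Usage: sh check_require_ssl.sh <cluster-id>
if [ "$#" -gt 0 ]; then
    ssl_status "$1"
fi
```
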