AWS Redshift cluster encryption disabled

ID: aws_redshift_encryption_disabled
Data type: AWS CloudTrail
Severity: Low
MITRE ATT&CK: TA0005:T1562

Description

AlphaSOC detected that encryption on an Amazon Redshift cluster was disabled. Amazon Redshift is a cloud-based data warehouse service used to store and analyze large datasets. Redshift clusters store sensitive data and should be encrypted to protect against unauthorized access and data breaches.

Impact

Unencrypted Redshift clusters leave sensitive data vulnerable to unauthorized access, potentially leading to data breaches and compliance violations.

Severity

Severity: Low
Condition: AWS Redshift cluster encryption disabled

Investigation and Remediation

Identify affected Redshift clusters through the AWS Console or API. Enable encryption using AWS KMS keys. If the cluster cannot be encrypted in place, create a new encrypted cluster and migrate the data. Update application connection strings, verify functionality, and remove the unencrypted cluster after successful migration.
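
To support the investigation step, the following added example (not AlphaSOC's rule logic) scans CloudTrail records for successful Redshift ModifyCluster calls that turn encryption off and reports the cluster, actor, time and region. The sample records are constructed, the helper names are hypothetical, and the `requestParameters.encrypted` field name is an assumption about how the API's `Encrypted` parameter is logged.

```python
import json

# Constructed CloudTrail records, not real events. Assumption: the Redshift
# ModifyCluster "Encrypted" parameter is logged as requestParameters.encrypted.
def _event(name, params, source="redshift.amazonaws.com", error=None):
    rec = {"eventSource": source, "eventName": name,
           "eventTime": "2024-01-01T10:00:00Z", "awsRegion": "us-east-1",
           "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-admin"},
           "requestParameters": params}
    if error:
        rec["errorCode"] = error
    return rec

SAMPLE_LOG = json.dumps({"Records": [
    _event("ModifyCluster", {"clusterIdentifier": "example-dw-1", "encrypted": False}),
    # Denied call: nothing changed on the cluster.
    _event("ModifyCluster", {"clusterIdentifier": "example-dw-2", "encrypted": False},
           error="AccessDenied"),
    # Resize only: the encryption parameter is absent.
    _event("ModifyCluster", {"clusterIdentifier": "example-dw-3", "numberOfNodes": 4}),
    # Encryption being turned on is the remediation, not the finding.
    _event("ModifyCluster", {"clusterIdentifier": "example-dw-4", "encrypted": True}),
    # Same parameter name on an unrelated (made-up) event source.
    _event("ModifyThing", {"encrypted": False}, source="example.amazonaws.com"),
]})

def _is_false(value):
    """True for JSON false or its string form; absent (None) is not a match."""
    return value is False or (isinstance(value, str) and value.strip().lower() == "false")

def find_encryption_disabled(log_text):
    """Return one finding per successful ModifyCluster call that sets encrypted=false."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        if (rec.get("eventSource"), rec.get("eventName")) != \
                ("redshift.amazonaws.com", "ModifyCluster"):
            continue
        if rec.get("errorCode"):  # failed or denied request
            continue
        params = rec.get("requestParameters") or {}
        if _is_false(params.get("encrypted")):
            findings.append({"cluster": params.get("clusterIdentifier"),
                             "actor": (rec.get("userIdentity") or {}).get("arn"),
                             "time": rec.get("eventTime"),
                             "region": rec.get("awsRegion")})
    return findings

if __name__ == "__main__":
    for finding in find_encryption_disabled(SAMPLE_LOG):
        print(finding)
```

Each finding names the cluster to re-encrypt and the identity whose change should be reviewed.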