Json Yaml Publicly Accessible True Redshift
Description
Detects AWS Redshift clusters that are configured to be publicly accessible in CloudFormation templates. Public Redshift clusters can be accessed from the internet, which increases the attack surface and may lead to unauthorized database access if not properly secured.
Detection Strategy
• Review CloudFormation template files for AWS::Redshift::Cluster resource definitions
• Check if the Redshift cluster resource has the PubliclyAccessible property set to true
• Report a security issue if a Redshift cluster is configured to allow public access
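The three steps above, carried out by a small checker on a JSON CloudFormation template. This is an added example, not Fluid Attacks' own detection code. The template is constructed for the example; it is scanned as plain JSON with the standard library, and the finding categories ("public" for a literal true, "indeterminate" for a value set through an intrinsic function such as Ref) are this example's own naming, not the page's.

```python
"""Flag AWS::Redshift::Cluster resources whose PubliclyAccessible property is
true in a CloudFormation template (added example, not the page's own checker)."""
import json


def is_true(value):
    """CloudFormation accepts booleans as JSON true or as the strings "true"/"True"."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str):
        return value.strip().lower() == "true"
    return False


def find_public_redshift_clusters(template):
    """Return (logical_id, status) for every Redshift cluster that is set to
    PubliclyAccessible: true, or whose value cannot be resolved statically.

    Step 1: walk the Resources section for AWS::Redshift::Cluster definitions.
    Step 2: read the PubliclyAccessible property of each one.
    Step 3: report clusters whose property is true.
    A missing property is not reported: the check is "set to true", as stated above.
    """
    findings = []
    for logical_id, resource in (template.get("Resources") or {}).items():
        if not isinstance(resource, dict):
            continue
        if resource.get("Type") != "AWS::Redshift::Cluster":
            continue  # other resource types with the same property are out of scope
        properties = resource.get("Properties") or {}
        value = properties.get("PubliclyAccessible")
        if isinstance(value, dict):
            # Intrinsic function (Ref, Fn::If, ...): value depends on deploy-time
            # input, so it is reported for manual review rather than silently skipped.
            findings.append((logical_id, "indeterminate"))
        elif is_true(value):
            findings.append((logical_id, "public"))
    return findings


def scan_json_template(text):
    """Parse a JSON CloudFormation template and run the check over it."""
    return find_public_redshift_clusters(json.loads(text))


# Constructed sample template: two clusters flagged, one parameter-driven,
# one correctly private, and one non-Redshift resource that must be ignored.
SAMPLE_TEMPLATE = """
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Parameters": {"AllowPublic": {"Type": "String", "Default": "false"}},
  "Resources": {
    "PublicCluster": {
      "Type": "AWS::Redshift::Cluster",
      "Properties": {"ClusterType": "multi-node", "NodeType": "ds2.xlarge",
                     "PubliclyAccessible": true}
    },
    "StringTrueCluster": {
      "Type": "AWS::Redshift::Cluster",
      "Properties": {"ClusterType": "single-node", "NodeType": "dc2.large",
                     "PubliclyAccessible": "true"}
    },
    "PrivateCluster": {
      "Type": "AWS::Redshift::Cluster",
      "Properties": {"ClusterType": "multi-node", "NodeType": "ds2.xlarge",
                     "PubliclyAccessible": false}
    },
    "ParamCluster": {
      "Type": "AWS::Redshift::Cluster",
      "Properties": {"PubliclyAccessible": {"Ref": "AllowPublic"}}
    },
    "PublicDatabase": {
      "Type": "AWS::RDS::DBInstance",
      "Properties": {"PubliclyAccessible": true}
    }
  }
}
"""

if __name__ == "__main__":
    for logical_id, status in scan_json_template(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {status}")
```

For a YAML template the same `find_public_redshift_clusters` function applies once the file has been loaded into a dictionary; note that CloudFormation's short-form tags (`!Ref`, `!If`) need a loader with custom constructors (PyYAML's default loader rejects them), after which they appear as the same nested dictionaries the "indeterminate" branch handles. The remediation on the page's side is the inverse setting, `PubliclyAccessible: false`, which is what `PrivateCluster` shows and why it produces no finding.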
Vulnerable code example
Resources:
  MyRedshiftCluster:
    Type: 'AWS::Redshift::Cluster'
    Properties:
      ClusterType: multi-node
      NodeType: ds2.xlarge
      # Unsafe: Hardcoded credentials in infrastructure code
      MasterUsername: admin123...
✅ Secure code example
Resources:
  MyRedshiftCluster:
    Type: 'AWS::Redshift::Cluster'
    Properties:
      ClusterType: multi-node
      NodeType: ds2.xlarge
      # Use SSM Parameter Store for secure credential management
      MasterUsername: '{{resolve:ssm-secure:/redshift/master-username:1}}'...