Terraform Require Ssl False
Description
Detects when AWS Redshift parameter groups are configured to allow non-SSL connections. This creates a security risk since data transmitted between clients and the Redshift cluster may not be encrypted, potentially exposing sensitive information to network-based attacks.
Detection Strategy
• Identifies Terraform resource blocks that define AWS Redshift parameter groups
• Checks parameter group configuration settings to detect if SSL is not enforced
• Reports a vulnerability if a parameter group allows non-SSL connections or explicitly sets require_ssl to false
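The detection strategy above, as an added example (not Fluid Attacks' own scanner code): it walks the JSON produced by `terraform show -json` instead of raw HCL. It also flags groups that omit `require_ssl`, on the assumption that Redshift's default for that parameter is false. The sample plan, `module.dw` and the `defaults` group are constructed for illustration.

```python
RESOURCE_TYPE = "aws_redshift_parameter_group"

def iter_resources(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def find_non_ssl_groups(plan):
    """Return (address, reason) for each parameter group that does not enforce SSL."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        params = (res.get("values") or {}).get("parameter") or []
        values = [p.get("value") for p in params if p.get("name") == "require_ssl"]
        if not values:
            # Assumption: with no override, Redshift leaves require_ssl at false.
            findings.append((res["address"], "require_ssl not set"))
        elif any(str(v).strip().lower() != "true" for v in values):
            # Covers "false", "False", and values unknown at plan time (None).
            findings.append((res["address"], "require_ssl is not true"))
    return findings

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "aws_redshift_parameter_group.vulnerable_group",
         "type": RESOURCE_TYPE,
         "values": {"name": "vulnerable-redshift-group", "family": "redshift-1.0",
                    "parameter": [{"name": "require_ssl", "value": "false"}]}},
        {"address": "aws_redshift_parameter_group.secure_group",
         "type": RESOURCE_TYPE,
         "values": {"name": "secure-redshift-group", "family": "redshift-1.0",
                    "parameter": [{"name": "require_ssl", "value": "true"}]}},
    ],
    "child_modules": [{"address": "module.dw", "resources": [
        {"address": "module.dw.aws_redshift_parameter_group.defaults",
         "type": RESOURCE_TYPE,
         "values": {"name": "dw-defaults", "family": "redshift-1.0", "parameter": []}},
    ]}],
}}}

if __name__ == "__main__":
    for address, reason in find_non_ssl_groups(SAMPLE_PLAN):
        print(f"{address}: {reason}")
```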
Vulnerable code example
resource "aws_redshift_parameter_group" "vulnerable_group" {
  name   = "vulnerable-redshift-group"
  family = "redshift-1.0"

  parameter {
    name  = "require_ssl" # Security risk: Disabling SSL allows unencrypted connections
    value = "false"
  }
}
✅ Secure code example
resource "aws_redshift_parameter_group" "secure_group" {
  name   = "secure-redshift-group"
  family = "redshift-1.0"

  parameter {
    name  = "require_ssl" # Security: Enforce SSL/TLS encryption for all connections
    value = "true"
  }
}