Terraform Audit Logging Disabled
Description
Detects AWS Redshift clusters defined in Terraform that have audit logging disabled. Audit logging is essential for security monitoring, compliance and incident investigation in Redshift clusters, and disabling it creates a significant security blind spot.
Detection Strategy
• Look for Terraform resource blocks defining AWS Redshift clusters (aws_redshift_cluster)
• Check if the resource configuration is missing the 'logging' block or has 'enable' set to false
• Report a vulnerability if audit logging is not explicitly enabled for the Redshift cluster
Vulnerable code example
resource "aws_redshift_cluster" "example" {
  cluster_identifier = "redshift-cluster"
  # Security issue: missing logging configuration makes audit tracking impossible
}

resource "aws_redshift_cluster" "example2" {
  cluster_identifier = "redshift-cluster2"
  # Security issue: a logging block is present, but audit logging is explicitly turned off
  logging {
    enable = false
  }
}

Secure code example
resource "aws_redshift_cluster" "example" {
  cluster_identifier = "redshift-cluster"
  # Enable logging to maintain an audit trail of cluster activities
  logging {
    enable        = true
    bucket_name   = "audit-bucket"
    s3_key_prefix = "cluster1-logs/" # Organize logs with a clear prefix
  }
}
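The detection strategy above, carried out as a small stand-alone checker over the cases this page illustrates: a cluster with no logging block, a cluster whose logging block sets enable = false, and a compliant cluster. This is an added example, not Fluid Attacks' own scanner: it uses a comment-stripping, brace-matching scan of the HCL text instead of a full Terraform parser, the Terraform snippet in SAMPLE_TF and the function names are constructed for the example, and it inspects only the inline logging block that this page describes (newer AWS provider releases also offer a separate aws_redshift_logging resource, which this check does not evaluate).

```python
"""Static check: AWS Redshift clusters in Terraform without enabled audit logging."""
import re
from typing import List, Tuple

# Opening line of a Redshift cluster resource; the capture is the resource's local name.
RESOURCE_RE = re.compile(r'resource\s+"aws_redshift_cluster"\s+"([^"]+)"\s*\{')
# A nested "logging {" block (the negative lookbehind avoids names like foo_logging).
LOGGING_RE = re.compile(r'(?<![\w.])logging\s*\{')
# The enable argument inside the logging block.
ENABLE_RE = re.compile(r'(?m)^\s*enable\s*=\s*(true|false)\b')


def strip_comments(text: str) -> str:
    """Drop #, // and /* */ comments while leaving string literals intact.

    Comments are removed first so that a brace or the word 'logging' inside a
    comment cannot confuse the brace matching below.
    """
    out, i, n = [], 0, len(text)
    while i < n:
        ch = text[i]
        if ch == '"':
            j = i + 1
            while j < n and text[j] != '"':
                j += 2 if text[j] == '\\' else 1  # skip escaped characters
            out.append(text[i:j + 1])
            i = j + 1
        elif ch == '#' or text.startswith('//', i):
            j = text.find('\n', i)
            i = n if j == -1 else j
        elif text.startswith('/*', i):
            j = text.find('*/', i + 2)
            i = n if j == -1 else j + 2
        else:
            out.append(ch)
            i += 1
    return ''.join(out)


def block_body(text: str, open_brace: int) -> str:
    """Return the text between the brace at open_brace and its matching close brace."""
    depth, i, n = 0, open_brace, len(text)
    while i < n:
        ch = text[i]
        if ch == '"':  # braces inside strings (e.g. "${var.x}") do not count
            i += 1
            while i < n and text[i] != '"':
                i += 2 if text[i] == '\\' else 1
        elif ch == '{':
            depth += 1
        elif ch == '}':
            depth -= 1
            if depth == 0:
                return text[open_brace + 1:i]
        i += 1
    raise ValueError("unbalanced braces in Terraform source")


def audit_logging_findings(hcl: str) -> List[Tuple[str, str]]:
    """Return (resource_name, reason) for every aws_redshift_cluster lacking enabled audit logging."""
    text = strip_comments(hcl)
    findings = []
    for m in RESOURCE_RE.finditer(text):
        name = m.group(1)
        body = block_body(text, m.end() - 1)
        lm = LOGGING_RE.search(body)
        if lm is None:
            findings.append((name, "no logging block"))
            continue
        logging_body = block_body(body, lm.end() - 1)
        em = ENABLE_RE.search(logging_body)
        if em is None:
            findings.append((name, "logging block without enable = true"))
        elif em.group(1) == "false":
            findings.append((name, "logging.enable is false"))
    return findings


# Constructed sample input mirroring the page's vulnerable and secure examples.
SAMPLE_TF = '''
resource "aws_redshift_cluster" "no_logging" {
  cluster_identifier = "redshift-cluster"
}

resource "aws_redshift_cluster" "logging_off" {
  cluster_identifier = "redshift-cluster2"
  logging {
    enable = false
  }
}

resource "aws_redshift_cluster" "compliant" {
  cluster_identifier = "redshift-cluster3" # a stray } in a comment must not break matching
  logging {
    enable        = true
    bucket_name   = "audit-bucket"
    s3_key_prefix = "cluster3-logs/"
  }
}

resource "aws_s3_bucket" "unrelated" {
  bucket = "audit-bucket"
}
'''

if __name__ == "__main__":
    for resource, reason in audit_logging_findings(SAMPLE_TF):
        print(f'aws_redshift_cluster.{resource}: {reason}')
```

Run against a real configuration by reading the .tf files into a string and passing them to audit_logging_findings; the two vulnerable clusters in the sample are reported and the compliant one and the unrelated S3 bucket are not.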