Database

Terraform Publicly Accessible True Redshift

Description

Identifies AWS Redshift clusters that are configured to be publicly accessible in Terraform configurations. Having publicly accessible Redshift clusters exposes the data warehouse to potential unauthorized access from the internet, which could lead to data breaches.

Weakness:

165 - Insecure service configuration - AWS

Category: Functionality Abuse

Detection Strategy

    Scans Terraform configuration files for 'aws_redshift_cluster' resource declarations

    Checks if the cluster is configured with publicly accessible settings

    Reports a vulnerability when a Redshift cluster is explicitly configured to allow public access

    Focuses on Terraform AWS provider configurations that manage Redshift cluster resources
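The detection strategy above, as an added example that is not the scanner's own code: a small Python checker that walks a Terraform file line by line, enters each `aws_redshift_cluster` block, and flags `publicly_accessible = true` at the block's top level. It skips commented-out lines and other resource types, and marks a value that is not a literal boolean (for example `var.public`) for manual review rather than as a finding, since the page only reports clusters explicitly configured for public access. The sample configuration, the `Finding` type, the `scan` function and the severity labels are all constructed for this example; the comment stripping is deliberately simple and is not a full HCL parser.

```python
import re
from dataclasses import dataclass

# Opening line of a Redshift cluster resource block, e.g.
#   resource "aws_redshift_cluster" "example" {
RESOURCE_RE = re.compile(r'^\s*resource\s+"aws_redshift_cluster"\s+"([^"]+)"\s*\{')
# The attribute we care about, after comments have been stripped.
ATTR_RE = re.compile(r'^\s*publicly_accessible\s*=\s*(\S.*?)\s*$')


@dataclass
class Finding:
    resource: str   # Terraform resource name (the second label)
    line: int       # 1-based line number of the attribute
    value: str      # raw right-hand side as written in the file
    severity: str   # "high" for a literal true, "review" for an expression


def _strip_comment(line: str) -> str:
    """Drop a trailing '#' or '//' comment. Sufficient for boolean attribute
    lines; it does not respect quoted strings, so a URL in a string value
    would be truncated (acceptable for this check, which only reads booleans)."""
    for marker in ("#", "//"):
        idx = line.find(marker)
        if idx != -1:
            line = line[:idx]
    return line


def scan(text: str) -> list[Finding]:
    """Return findings for every aws_redshift_cluster block whose top-level
    publicly_accessible attribute is true (high) or non-literal (review)."""
    findings: list[Finding] = []
    current = None  # resource name of the cluster block we are inside, if any
    depth = 0       # brace depth relative to that block
    for lineno, raw in enumerate(text.splitlines(), 1):
        code = _strip_comment(raw)
        if current is None:
            m = RESOURCE_RE.match(code)
            if m:
                current = m.group(1)
                depth = code.count("{") - code.count("}")
                if depth <= 0:          # one-line block, nothing to inspect
                    current = None
            continue
        # Only attributes directly inside the resource block count; nested
        # blocks such as logging { ... } are ignored.
        if depth == 1:
            a = ATTR_RE.match(code)
            if a:
                value = a.group(1)
                if value == "true":
                    findings.append(Finding(current, lineno, value, "high"))
                elif value != "false":
                    findings.append(Finding(current, lineno, value, "review"))
        depth += code.count("{") - code.count("}")
        if depth <= 0:
            current = None
    return findings


# Constructed sample configuration covering the cases the check distinguishes.
SAMPLE_TF = '''
resource "aws_redshift_cluster" "public" {
  cluster_identifier  = "public-cluster"
  node_type           = "dc2.large"
  publicly_accessible = true  # exposed to the internet
}

resource "aws_redshift_cluster" "private" {
  cluster_identifier  = "private-cluster"
  node_type           = "dc2.large"
  publicly_accessible = false
  logging {
    enable = true
  }
}

resource "aws_redshift_cluster" "from_var" {
  cluster_identifier  = "var-cluster"
  publicly_accessible = var.public
}

resource "aws_redshift_cluster" "unset" {
  cluster_identifier  = "unset-cluster"
  # publicly_accessible = true   (commented out: not a finding)
}

resource "aws_s3_bucket" "other" {
  publicly_accessible = true   # different resource type, ignored
}
'''

if __name__ == "__main__":
    for f in scan(SAMPLE_TF):
        print(f"line {f.line}: aws_redshift_cluster.{f.resource} "
              f"publicly_accessible = {f.value} [{f.severity}]")
```

A block with the attribute omitted produces no finding here; the effective value then comes from the provider default, so a stricter policy may choose to report that case as well.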

Vulnerable code example

resource "aws_redshift_cluster" "example" {
  cluster_identifier  = "example-cluster"
  database_name       = "exampledb"
  master_username     = "admin"
  master_password     = "password123"
  node_type           = "dc2.large"
  publicly_accessible = true  # Security risk: Cluster is exposed to the public internet
}

✅ Secure code example

resource "aws_redshift_cluster" "example" {
  cluster_identifier  = "example-cluster"
  database_name       = "exampledb"
  master_username     = "admin"
  # Use SSM Parameter Store for password management instead of hardcoding
  master_password     = data.aws_ssm_parameter.redshift_password.value
  node_type           = "dc2.large"
  ...