AWS Redshift Database Does Not Have Audit Logging Enabled

Audit logging is not enabled by default in Amazon Redshift. When you enable logging on your cluster, Amazon Redshift creates and uploads logs to Amazon S3 that capture data from the creation of the cluster to the present time.

Policy Details

Policy Subtype: Run, Build
Severity: Medium
Template Type: CloudFormation

Build Rules

AWS Redshift database does not have audit logging enabled.
JSON Query:
$.Resources.*[?(@.Type=='AWS::Redshift::Cluster')].Properties.LoggingProperties any null
Recommendation:
Make sure that the Redshift cluster has audit logging enabled: the "LoggingProperties" block must be present in the cluster's Properties, with "BucketName" set to the S3 bucket that receives the logs and, optionally, an "S3KeyPrefix".
For example:
"myCluster1": {
  "Type": "AWS::Redshift::Cluster",
  "Properties": {
    "DBName": "mydb",
    "MasterUsername": "master",
    "LoggingProperties": {
      "BucketName": "String",
      "S3KeyPrefix": "String"
    }
  }
}
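The build-rule check above is a JSON query over the CloudFormation template. The following Python script is an added example (not part of the original policy page or of any vendor tooling) that applies the same logic to a constructed sample template: it flags every AWS::Redshift::Cluster resource whose LoggingProperties block is absent or null, and then produces a remediated copy of the template with a LoggingProperties block added. The template contents, bucket name and key prefix are made-up values for illustration.

```python
import json

# Constructed sample CloudFormation template (not from the original page):
# one Redshift cluster without LoggingProperties, one that already declares
# it, and an unrelated S3 bucket resource that the check must ignore.
SAMPLE_TEMPLATE = json.dumps({
    "Resources": {
        "AnalyticsCluster": {
            "Type": "AWS::Redshift::Cluster",
            "Properties": {
                "DBName": "analytics",
                "MasterUsername": "master",
                "NodeType": "dc2.large",
                "ClusterType": "single-node",
            },
        },
        "ReportingCluster": {
            "Type": "AWS::Redshift::Cluster",
            "Properties": {
                "DBName": "reports",
                "MasterUsername": "master",
                "NodeType": "dc2.large",
                "ClusterType": "single-node",
                "LoggingProperties": {
                    "BucketName": "example-redshift-audit-logs",  # placeholder bucket
                    "S3KeyPrefix": "reporting/",
                },
            },
        },
        "LogBucket": {"Type": "AWS::S3::Bucket"},
    }
})


def find_unlogged_redshift_clusters(template_text):
    """Return the logical IDs of AWS::Redshift::Cluster resources whose
    Properties have no LoggingProperties block (missing or explicitly null).

    This mirrors the policy's JSON query:
    $.Resources.*[?(@.Type=='AWS::Redshift::Cluster')].Properties.LoggingProperties any null
    """
    template = json.loads(template_text)
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::Redshift::Cluster":
            continue
        # A cluster with no Properties at all is also non-compliant.
        props = resource.get("Properties") or {}
        if props.get("LoggingProperties") is None:
            findings.append(logical_id)
    return findings


def add_logging_properties(template_text, bucket_name, s3_key_prefix):
    """Return a remediated template (as JSON text) in which every Redshift
    cluster lacking LoggingProperties gets a block pointing at the given
    bucket and key prefix. Clusters that already log are left untouched."""
    template = json.loads(template_text)
    for logical_id in find_unlogged_redshift_clusters(template_text):
        resource = template["Resources"][logical_id]
        if resource.get("Properties") is None:
            resource["Properties"] = {}
        resource["Properties"]["LoggingProperties"] = {
            "BucketName": bucket_name,
            "S3KeyPrefix": s3_key_prefix,
        }
    return json.dumps(template, indent=2)


if __name__ == "__main__":
    for cluster in find_unlogged_redshift_clusters(SAMPLE_TEMPLATE):
        print(f"non-compliant: {cluster} has no LoggingProperties block")
    fixed = add_logging_properties(
        SAMPLE_TEMPLATE, "example-redshift-audit-logs", "analytics/"
    )
    print("remaining findings after remediation:",
          find_unlogged_redshift_clusters(fixed))
```

Running the script reports AnalyticsCluster as non-compliant and an empty findings list after remediation. The S3 bucket named in LoggingProperties must exist before the stack is deployed and must grant Redshift permission to write to it, otherwise cluster creation fails; the check here only verifies that the block is declared, as the policy's JSON query does. For clusters that are already running, the same state can be inspected and corrected from the AWS CLI with `aws redshift describe-logging-status` and `aws redshift enable-logging`, which is the scripted equivalent of the console steps in the Run Rule Recommendation.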

Run Rule Recommendation

  1. Log in to the AWS Console.
  2. Go to the Amazon Redshift service.
  3. In the left navigation panel, click Clusters.
  4. Click the reported cluster.
  5. Click the Database tab and choose 'Configure Audit Logging'.
  6. Under Enable Audit Logging, choose 'Yes'.
  7. Create a new S3 bucket or use an existing bucket.
  8. Click Save.

Compliance

There are 10 standards that are applicable to this policy:
  • PIPEDA
  • HITRUST CSF v9.3
  • NIST CSF
  • NIST 800-171 Rev1
  • GDPR
  • CSA CCM v3.0.1
  • NIST 800-53 Rev4
  • SOC 2
  • ISO 27001:2013
  • CCPA 2018
