lacework-global-91

Ensure Redshift Cluster is encrypted

Description

We recommend encrypting an AWS Redshift cluster with a customer-managed KMS key.

Remediation

Encrypt an AWS Redshift cluster during creation.

  1. Log in to the AWS Management Console.

  2. If encrypting using a KMS key and the KMS key does not exist, create the KMS key.

  3. Click Services.

  4. Click Key Management Service.

  5. Click Create a key.

  6. Expand Advanced options.

  7. Select the KMS option.

  8. Fill in applicable KMS fields.

  9. Click Finish.

  10. Click Services.

  11. Click Amazon Redshift.

  12. Click Create cluster.

  13. Toggle Use defaults under Additional configurations to change the default settings.

  14. Expand Database configurations.

  15. Under Encryption, select Use AWS Key Management Service (AWS KMS).

  16. Select Use key from current account, and select a customer-managed KMS key, or select Use key from different account, and enter a customer-managed KMS key ARN.

  17. Fill in applicable Redshift cluster fields.

  18. Click Create cluster.
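
To confirm the result across existing clusters, the following added example (not Lacework's policy logic and not part of the original page) evaluates cluster records against this recommendation. It assumes the inputs have the shape of the Redshift DescribeClusters and KMS DescribeKey responses; the function names, sample clusters, account IDs and key ARNs are constructed for illustration.

```python
# Added example: compliance check for the recommendation above.
# Dict shapes follow the Redshift DescribeClusters and KMS DescribeKey responses.

def evaluate_cluster(cluster, key_managers):
    """Return (status, reason) for one entry of DescribeClusters["Clusters"].

    key_managers maps a KMS key ARN to KeyMetadata["KeyManager"] from
    DescribeKey: "CUSTOMER" (customer-managed) or "AWS" (AWS-managed).
    """
    if not cluster.get("Encrypted", False):
        return "FAIL", "cluster is not encrypted"
    key_arn = cluster.get("KmsKeyId")
    if not key_arn:
        return "FAIL", "encrypted, but no KMS key is reported"
    manager = key_managers.get(key_arn)
    if manager is None:
        # Typical for a key in a different account that the auditor cannot describe.
        return "UNKNOWN", "KMS key could not be described; verify in the owning account"
    if manager != "CUSTOMER":
        return "FAIL", "encrypted with an AWS-managed key"
    return "PASS", "encrypted with a customer-managed KMS key"


def audit(clusters, key_managers):
    """Evaluate every cluster; returns {ClusterIdentifier: (status, reason)}."""
    return {c["ClusterIdentifier"]: evaluate_cluster(c, key_managers) for c in clusters}


# Constructed sample data (account IDs, key IDs and cluster names are made up).
_ARN = "arn:aws:kms:us-east-1:{}:key/{}"
CMK = _ARN.format("111122223333", "EXAMPLE-customer-managed")
AWS_KEY = _ARN.format("111122223333", "EXAMPLE-aws-managed")
OTHER_ACCOUNT_KEY = _ARN.format("444455556666", "EXAMPLE-other-account")

SAMPLE_CLUSTERS = [
    {"ClusterIdentifier": "analytics-prod", "Encrypted": True, "KmsKeyId": CMK},
    {"ClusterIdentifier": "legacy-plain", "Encrypted": False},
    {"ClusterIdentifier": "reporting-default-key", "Encrypted": True, "KmsKeyId": AWS_KEY},
    {"ClusterIdentifier": "shared-xacct", "Encrypted": True, "KmsKeyId": OTHER_ACCOUNT_KEY},
]
SAMPLE_KEY_MANAGERS = {CMK: "CUSTOMER", AWS_KEY: "AWS"}

if __name__ == "__main__":
    for name, (status, reason) in audit(SAMPLE_CLUSTERS, SAMPLE_KEY_MANAGERS).items():
        print(f"{status:8}{name}: {reason}")
```

With boto3, the cluster list comes from the Redshift client's `describe_clusters()` and each key's manager from the KMS client's `describe_key(KeyId=...)`.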