High Redshift Regional

Redshift security groups should allow ingress on the cluster port only from restricted origins

Description

Checks whether a security group associated with an Amazon Redshift cluster has ingress rules that permit access to the cluster port from the internet (0.0.0.0/0 or ::/0). The control fails if any associated security group allows unrestricted ingress to the cluster port.
Remediation

Restrict Redshift cluster security group ingress to trusted sources only.

Steps

  1. Open the Amazon EC2 console.
  2. Find the security groups associated with the Redshift cluster.
  3. Edit inbound rules: remove any entry that allows 0.0.0.0/0 or ::/0 for the cluster port.
  4. Add inbound rules only for the specific CIDR ranges or security groups that need to reach the cluster port.
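The check this control performs, written out as an added example (it is not part of this control page or of any vendor tool). The dictionaries follow the shapes returned by boto3's `redshift.describe_clusters()` and `ec2.describe_security_groups()`; the cluster and group data are constructed samples and the function names are assumptions of this example:

```python
"""Flag Redshift security groups that allow the cluster port from 0.0.0.0/0 or ::/0.
Dict shapes follow boto3 describe_clusters()/describe_security_groups(); the sample
values below are constructed, not output from a real account."""

INTERNET_CIDRS = {"0.0.0.0/0", "::/0"}


def rule_covers_port(rule, port):
    """True if an IpPermissions entry reaches `port` (IpProtocol "-1" means all traffic)."""
    if rule.get("IpProtocol") == "-1":
        return True
    if rule.get("IpProtocol") != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def open_ingress_findings(cluster, security_groups):
    """Return (group_id, cidr) pairs that expose the cluster port to the internet."""
    port = cluster["Endpoint"]["Port"]
    attached = {g["VpcSecurityGroupId"] for g in cluster["VpcSecurityGroups"]}
    findings = []
    for sg in security_groups:
        if sg["GroupId"] not in attached:  # groups not on this cluster cannot expose it
            continue
        for rule in sg.get("IpPermissions", []):
            if not rule_covers_port(rule, port):
                continue
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            findings.extend((sg["GroupId"], c) for c in cidrs if c in INTERNET_CIDRS)
    return findings


# Constructed sample: a cluster on 5439 with one open and one restricted group attached.
SAMPLE_CLUSTER = {
    "Endpoint": {"Port": 5439},
    "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-open"}, {"VpcSecurityGroupId": "sg-ok"}],
}
SAMPLE_GROUPS = [
    {"GroupId": "sg-open", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5439, "ToPort": 5439,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-ok", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5439, "ToPort": 5439,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-unattached", "IpPermissions": [  # wide open, but not on this cluster
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

if __name__ == "__main__":
    print(open_ingress_findings(SAMPLE_CLUSTER, SAMPLE_GROUPS))
```

Running it against real accounts means feeding the function the `Clusters` and `SecurityGroups` lists from the two API calls; a non-empty result is the failing condition the control describes.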

Compliance

PCI DSS v4.0.1, PCI DSS v1.3.1