redshift-cluster-configuration-check
Checks if Amazon Redshift clusters have the specified settings. The rule is NON_COMPLIANT if the Amazon Redshift cluster is not encrypted or is encrypted with another key, or if a cluster does not have audit logging enabled.
Identifier: REDSHIFT_CLUSTER_CONFIGURATION_CHECK
Resource Types: AWS::Redshift::Cluster
Trigger type: Configuration changes
Amazon Web Services Region: All supported Amazon Web Services Regions except the Middle East (Bahrain), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Canada West (Calgary), and Europe (Spain) Regions
Parameters:
- clusterDbEncrypted
  - Type: boolean
  - Default: true
  - Database encryption is enabled.
- loggingEnabled
  - Type: boolean
  - Default: true
  - Audit logging is enabled.
- nodeTypes (Optional)
  - Type: CSV
  - Default: dc1.large
  - Specify node type.
Amazon CloudFormation template
To create Amazon Config managed rules with Amazon CloudFormation templates, see Creating Amazon Config Managed Rules With Amazon CloudFormation Templates.
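As an added example (not taken from the Amazon documentation), a minimal template that deploys this rule with encryption and audit logging both required. The logical ID `RedshiftClusterConfigurationCheck`, the template parameter `NodeTypes` and the condition `HasNodeTypes` are names assumed for illustration; the identifier, resource type and rule parameter names are the ones listed on this page.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Deploys the redshift-cluster-configuration-check managed rule (added example).

Parameters:
  # Assumed template parameter; it feeds the rule's optional nodeTypes value.
  NodeTypes:
    Type: String
    Default: ""
    Description: Optional CSV of node types. Left empty, the rule default (dc1.large) applies.

Conditions:
  # True only when the caller supplied a node type list.
  HasNodeTypes: !Not [!Equals [!Ref NodeTypes, ""]]

Resources:
  RedshiftClusterConfigurationCheck:
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: redshift-cluster-configuration-check
      Description: Flags Redshift clusters without encryption or audit logging.
      # Limit evaluation to the resource type this rule supports.
      Scope:
        ComplianceResourceTypes:
          - AWS::Redshift::Cluster
      # Owner AWS selects a managed rule; the identifier is the one on this page.
      Source:
        Owner: AWS
        SourceIdentifier: REDSHIFT_CLUSTER_CONFIGURATION_CHECK
      # Rule parameters are passed as strings, including the booleans.
      InputParameters:
        clusterDbEncrypted: "true"
        loggingEnabled: "true"
        # Omit the key entirely when no node types were supplied.
        nodeTypes: !If [HasNodeTypes, !Ref NodeTypes, !Ref "AWS::NoValue"]
```

The rule is triggered by configuration changes, so a configuration recorder that records `AWS::Redshift::Cluster` must already be running in the Region where the stack is created.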