redshift-cluster-configuration-check - Amazon Config
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

redshift-cluster-configuration-check

Checks if Amazon Redshift clusters have the specified settings. The rule is NON_COMPLIANT if the Amazon Redshift cluster is not encrypted or encrypted with another key, or if a cluster does not have audit logging enabled.

Identifier: REDSHIFT_CLUSTER_CONFIGURATION_CHECK

Resource Types: AWS::Redshift::Cluster

Trigger type: Configuration changes

Amazon Web Services Region: All supported Amazon regions except Middle East (Bahrain), Middle East (UAE), Asia Pacific (Hyderabad), Canada West (Calgary), Europe (Spain) Region

Parameters:

clusterDbEncrypted
Type: boolean
Default: true

Database encryption is enabled.

loggingEnabled
Type: boolean
Default: true

Audit logging is enabled.

nodeTypes (Optional)
Type: CSV
Default: dc1.large

Specify node type.

Amazon CloudFormation template

To create Amazon Config managed rules with Amazon CloudFormation templates, see Creating Amazon Config Managed Rules With Amazon CloudFormation Templates.