AWSConfigRemediation-DisablePublicAccessToRedshiftCluster - Amazon Systems Manager Automation runbook reference



The AWSConfigRemediation-DisablePublicAccessToRedshiftCluster runbook disables public accessibility for the Amazon Redshift cluster that you specify.

Run this Automation (console)

Document type







  • AutomationAssumeRole

    Type: String

    Description: (Required) The Amazon Resource Name (ARN) of the Amazon Identity and Access Management (IAM) role that allows Systems Manager Automation to perform the actions on your behalf.

  • ClusterIdentifier

    Type: String

    Description: (Required) The unique identifier of the cluster that you want to disable public accessibility for.

Required IAM permissions

The AutomationAssumeRole parameter requires the following actions to use the runbook successfully.

  • ssm:StartAutomationExecution

  • ssm:GetAutomationExecution

  • redshift:DescribeClusters

  • redshift:ModifyCluster

Document Steps

  • aws:executeAwsApi - Disables public accessibility for the cluster specified in the ClusterIdentifier parameter.

  • aws:waitForAwsResourceProperty - Waits for the state of the cluster to change to available.

  • aws:assertAwsResourceProperty - Confirms the public accessibility setting is disabled on the cluster.
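
The three document steps above, written out as an added Python example (not part of the runbook or of the AWS documentation). It assumes the steps map to the Redshift ModifyCluster and DescribeClusters calls named under Required IAM permissions; the function name, polling parameters, the FakeRedshift stand-in and the cluster name demo-cluster are constructed for illustration.

```python
import time


def disable_public_access(redshift, cluster_id, poll_seconds=15, max_polls=40):
    """Mirror the runbook's three steps using a boto3-style Redshift client."""
    # Step 1 (aws:executeAwsApi): turn off public accessibility.
    redshift.modify_cluster(ClusterIdentifier=cluster_id, PubliclyAccessible=False)

    # Step 2 (aws:waitForAwsResourceProperty): wait until the cluster is "available".
    for _ in range(max_polls):
        cluster = redshift.describe_clusters(ClusterIdentifier=cluster_id)["Clusters"][0]
        if cluster["ClusterStatus"] == "available":
            break
        time.sleep(poll_seconds)
    else:
        raise TimeoutError(f"{cluster_id} did not return to 'available'")

    # Step 3 (aws:assertAwsResourceProperty): confirm the setting took effect.
    if cluster["PubliclyAccessible"] is not False:
        raise RuntimeError(f"{cluster_id} is still publicly accessible")
    return cluster


class FakeRedshift:
    """Constructed stand-in for boto3.client('redshift') so the example runs offline."""

    def __init__(self):
        self.cluster = {"ClusterIdentifier": "demo-cluster",
                        "ClusterStatus": "available", "PubliclyAccessible": True}
        self.polls_until_available = 0

    def modify_cluster(self, ClusterIdentifier, PubliclyAccessible):
        # The cluster leaves "available" while the change is applied.
        self.cluster["PubliclyAccessible"] = PubliclyAccessible
        self.cluster["ClusterStatus"] = "modifying"
        self.polls_until_available = 2
        return {"Cluster": dict(self.cluster)}

    def describe_clusters(self, ClusterIdentifier):
        if self.polls_until_available > 0:
            self.polls_until_available -= 1
        else:
            self.cluster["ClusterStatus"] = "available"
        return {"Clusters": [dict(self.cluster)]}


if __name__ == "__main__":
    print(disable_public_access(FakeRedshift(), "demo-cluster", poll_seconds=0))
```

Passing boto3.client("redshift") in place of FakeRedshift runs the same logic against a real account, using credentials that hold the two redshift actions listed above.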