AWSConfigRemediation-EnforceSSLOnlyConnectionsToRedshiftCluster - Amazon Systems Manager Automation runbook reference
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).



The AWSConfigRemediation-EnforceSSLOnlyConnectionsToRedshiftCluster runbook requires incoming connections to use SSL for the Amazon Redshift cluster you specify.

Run this Automation (console)

Document type







  • AutomationAssumeRole

    Type: String

    Description: (Required) The Amazon Resource Name (ARN) of the Amazon Identity and Access Management (IAM) role that allows Systems Manager Automation to perform the actions on your behalf.

  • ClusterIdentifier

    Type: String

    Description: (Required) The unique identifier of the cluster you want to enable enhanced VPC routing on.

Required IAM permissions

The AutomationAssumeRole parameter requires the following actions to use the runbook successfully.

  • ssm:StartAutomationExecution

  • ssm:GetAutomationExecution

  • redshift:DescribeClusters

  • redshift:DescribeClusterParameters

  • redshift:ModifyClusterParameterGroup

Document Steps

  • aws:executeAwsApi - Gathers parameter details from the cluster specified in the ClusterIdentifier parameter.

  • aws:executeAwsApi - Enables the require_ssl setting on the cluster specified in the ClusterIdentifier parameter.

  • aws:assertAwsResourceProperty - Confirms the require_ssl setting was enabled on the cluster.

  • aws:executeScript - Verifies the require_ssl setting for the cluster.