AWSConfigRemediation-EnableRedshiftClusterEncryption - AWS Systems Manager
AWS 文档中描述的 AWS 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅中国的 AWS 服务入门

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

AWSConfigRemediation-EnableRedshiftClusterEncryption

描述

The AWSConfigRemediation-EnableRedshiftClusterEncryption Automation document enables encryption on the Amazon Redshift cluster you specify using an AWS Key Management Service (AWS KMS) customer master key (CMK). This Automation document should only be used as a baseline to ensure that your Amazon Redshift clusters are encrypted according to minimum recommended security best practices. We recommend encrypting multiple clusters with different CMKs. This automation cannot change the AWS KMS CMK used on an already encrypted cluster. To change the AWS KMS CMK used to encrypt a cluster, you must first disable encryption on the cluster.

运行此 Automation(控制台)

文档类型

Automation

所有者

Amazon

平台

数据库

参数

  • AutomationAssumeRole

    类型:字符串

    说明:(必需)允许 Systems Manager Automation 代表您执行操作的 AWS Identity and Access Management (IAM) 角色的 Amazon 资源名称 (ARN)。

  • ClusterIdentifer

    类型: 字符串

    描述:(Required) The unique identifier of the cluster you want to enable encryption on.

  • KmsKeyArn

    类型: 字符串

    描述:(Required) The Amazon Resource Name (ARN) of the AWS KMS CMK you want to use to encrypt the cluster's data.

所需的 IAM 权限

AutomationAssumeRole 需要执行以下操作才能成功运行 Automation 文档。

  • ssm:ExecuteAutomation

  • ssm:GetAutomationExecution

  • redshift:DescribeClusters

  • redshift:ModifyCluster

文档步骤

  • aws:executeAwsApi - Enables encryption on the Amazon Redshift cluster specified in the ClusterIdentifer parameter.

  • aws:assertAwsResourceProperty - Verifies encryption has been enabled on the cluster.