This control checks whether Amazon Redshift clusters are encrypted at rest. The control fails if a Redshift cluster isn't encrypted at rest.
Risk
Without encryption at rest, sensitive data stored in Redshift clusters is vulnerable to unauthorized access, which could lead to data breaches and regulatory non-compliance.
Run this check with Prowler CLI
prowler aws --checks redshift_cluster_encrypted_at_rest
ARN template
arn:aws:redshift:region:account-id:cluster/cluster-name
Recommendation
Enable encryption at rest for your Redshift clusters using KMS to protect sensitive data from unauthorized access.
Remediation
CLI
aws redshift modify-cluster --cluster-identifier <cluster-id> --encrypted --kms-key-id <key-id>
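To see which clusters need the command above, the following added example (not Prowler's own code and not part of the original page) applies the same pass/fail rule to `aws redshift describe-clusters` JSON and prints the remediation command for each failing cluster. The sample clusters, region, account ID and function names are constructed for illustration.

```python
import json
import shlex

# Constructed sample shaped like `aws redshift describe-clusters --output json`.
SAMPLE = json.loads("""
{"Clusters": [
  {"ClusterIdentifier": "analytics-prod", "Encrypted": true,
   "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
  {"ClusterIdentifier": "reporting-dev", "Encrypted": false},
  {"ClusterIdentifier": "legacy-etl"}
]}
""")

def cluster_arn(region, account_id, cluster_id):
    # Follows the ARN template: arn:aws:redshift:region:account-id:cluster/cluster-name
    return f"arn:aws:redshift:{region}:{account_id}:cluster/{cluster_id}"

def evaluate(response, region, account_id):
    """Return one finding per cluster; FAIL unless Encrypted is explicitly true."""
    findings = []
    for cluster in response.get("Clusters", []):
        cluster_id = cluster["ClusterIdentifier"]
        # A missing or non-boolean Encrypted field is treated as a failure
        # rather than assumed safe.
        encrypted = cluster.get("Encrypted") is True
        findings.append({
            "cluster_id": cluster_id,
            "arn": cluster_arn(region, account_id, cluster_id),
            "status": "PASS" if encrypted else "FAIL",
            "kms_key_id": cluster.get("KmsKeyId"),
        })
    return findings

def remediation_commands(findings, key_id="<key-id>"):
    """Build the modify-cluster command for every failing cluster."""
    return [
        "aws redshift modify-cluster --cluster-identifier "
        f"{shlex.quote(f['cluster_id'])} --encrypted --kms-key-id {key_id}"
        for f in findings if f["status"] == "FAIL"
    ]

if __name__ == "__main__":
    results = evaluate(SAMPLE, "us-east-1", "111122223333")
    for f in results:
        print(f["status"], f["arn"])
    for cmd in remediation_commands(results):
        print(cmd)
```

Run it per region against real `describe-clusters` output by replacing SAMPLE with the parsed JSON.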
Resource Type
AwsRedshiftCluster