Redshift cluster does not use the default database name dev
redshift_cluster_non_default_database_name
Amazon Redshift clusters are identified when the database name equals the default dev, rather than a custom name.
Risk
Using the predictable dev name weakens confidentiality and integrity. Mis-scoped IAM or network rules may unintentionally match the database, and known names aid enumeration and targeted connection attempts, increasing the likelihood of unauthorized queries and data exposure.
prowler aws --checks redshift_cluster_non_default_database_name
Recommendation
Use a unique, non-default database name per cluster. Define a naming standard that avoids generic values (e.g., dev, test) and supports least privilege by preventing broad policy conditions. Review IAM and network rules to reference only intended, explicit resources.
Remediation
- In the AWS Management Console, go to Amazon Redshift > Provisioned clusters
- Click Create cluster
- In Database configurations, set Database name to a value that is not "dev"
- Complete the wizard and create the cluster
- Migrate workloads to the new cluster and delete the old cluster that used the default "dev" database name
Source Code
Resource Type
AwsRedshiftCluster