AWS Redshift Terraform module
Upstream version 7.1.0
7 controls from FFIEC Cybersecurity Assessment Tool requirements
Terraform Module Source
ffiec.compliance.tf/terraform-aws-modules/redshift/awsBehavioral Summary
This module modifies 6 variable defaults and makes 0 resource changes from the upstream module. All changes are driven by compliance controls and can be reviewed in detail below.
Your Code Impact
If you are migrating from the upstream module, the enforced default changes mean your existing configurations will automatically gain compliance controls. Variables you have explicitly set will continue to use your values. Review the diff below to understand exactly what changes.
Compared to
terraform-aws-modules/redshift/aws@7.1.06 changesVariables Changed
6| Variable | Upstream | CTF | Reason | Control |
|---|---|---|---|---|
| allow_version_upgrade | - | true | Ensure whether AWS Redshift clusters have the specified maintenance settings. Redshift clusters `allowVersionUpgrade` should be set to `true` and `automatedSnapshotRetentionPeriod` should be greater than 7. | redshift_cluster_maintenance_settings_check |
| automated_snapshot_retention_period | - | 7 | This control checks whether AWS Redshift clusters have automated snapshots enabled. It also checks whether the snapshot retention period is greater than or equal to seven. | redshift_cluster_automatic_snapshots_min_7_days |
| cloudwatch_log_group_retention_in_days | 0 | 365 | Ensure a minimum duration of event log data is retained for your log groups to help with troubleshooting and forensics investigations. | cloudwatch_log_group_retention_period_365 |
| encrypted | - | true | Ensure that your AWS Redshift clusters require TLS/SSL encryption to connect to SQL clients. | redshift_cluster_encryption_in_transit_enabled |
| enhanced_vpc_routing | - | true | Ensure that AWS Redshift cluster has 'enhancedVpcRouting' enabled. The rule is non-compliant if 'enhancedVpcRouting' is not enabled or if the configuration.enhancedVpcRouting field is 'false'. | redshift_cluster_enhanced_vpc_routing_enabled |
| publicly_accessible | - | false | Manage access to resources in the AWS Cloud by ensuring that AWS Redshift clusters are not public. | redshift_cluster_prohibit_public_access |