Home Security & Health Security Audit Amazon Redshift cluster parameter groups should have SSL enabled

Amazon Redshift cluster parameter groups should have SSL enabled


AWS users want to ensure that their infrastructure attains maximum security levels so that their daily operations do not get disrupted due to any security threats. It is recommended for users to make sure that their Amazon Redshift clusters and parameter groups are properly configured.

Why you should enable SSL for Amazon Redshift cluster parameter groups?

In Amazon Redshift, a parameter group is a group of parameters that apply to all the databases that you create in the cluster. These parameters configure database settings such as query timeout and date style.

It is important for users to have SSL (Secure Socket Layer) protocol enabled to eliminate the vulnerabilities of man-in-the-middle attacks and eavesdropping. SSL aids in encryption/decryption processes for your Redshift cluster. As a result, this helps in maintaining data security during transit between client applications and data warehouse clusters.

How can Centilytics help you?

Centilytics has a dedicated insight for SSL enablement that gives severity warnings whenever a Redshift cluster with inactive SSL connection is detected.

Insight descriptions:

There can be 2 possible scenarios:

Severity Description
OK This indication will be displayed when your Amazon Redshift cluster has SSL enabled i.e. SSL encryption is not active.
CRITICAL This indication will be displayed when the Redshift cluster does not have SSL enabled i.e. SSL encryption is not active.


Description of further columns are as follows:

  1. Account Id: This column Shows the respective account ID of the user’s account.    AWS Redshift 44
  2. Account Name: This column shows the corresponding account name to the user’s account.AWS Redshift 88
  3. Region: This column shows the region in which the corresponding Amazon Redshift cluster exists.AWS Redshift 33
  4. Identifier: This column shows the name of the corresponding Redshift cluster.AWS Redshift 445
  5. SSL Connection Status: This column shows the status of whether SSL is enabled for your parameter groups or not.AWS Redshift 222

Filters applicable:

Filter Name Description
Account Id Applying the account Id filter will display data for the selected account Id.
Region Applying the region filter will display data according to the selected region.
Severity Applying severity filter will display data according to the selected severity type i.e. selecting critical will display all resources with critical severity. Same will be the case for warning and ok severity types
Resource Tags Applying resource tags filter will display those resources which have been assigned the selected resource tag. For e.g., A user has tagged some public snapshots by a resource tag named environment. Then selecting an environment from the resource tags filter will display all those resources tagged by the tag name environment.
Resource Tags Value Applying resource tags value filter will display data which will have the selected resource tag value. For e.g. – Let’s say a user has tagged some resource by a tag named environment and has a value say production (environment: production). Hence, the user can view data of all the resources which have “environment:production” tag assigned. The user can use the tag value filter only when a tag name has been provided.


Read about AWS Redshift cluster encryption here.

Read About