Data at risk

Redshift cluster allows unrestricted inbound traffic

Platform(s)
Compliance Frameworks

Brazilian General Data Protection (LGPD), CCPA, coppa, CPRA, Data Security Posture Management (DSPM) Best Practices, GDPR, HITRUST, iso_27001_2022, iso_27002_2022, Mitre ATT&CK, New Zealand Information Security Manual, NIST 800-53, PDPA, pipeda, UK Cyber Essentials

Description

Redshift clusters are associated with security groups in order to allow other users access to them. Redshift cluster ""{AwsRedshiftCluster}"" is associated with security groups which allow inbound access from any IP address (0.0.0.0/0 or ::/0). These security groups are - {AwsRedshiftCluster.VpcSecurityGroups}. Allowing unrestricted access to the cluster may put your data at risk