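An AWS Redshift cluster that is not encrypted at rest with a customer managed key (CMK) was detected. Make sure the AWS Redshift cluster is encrypted at rest using a CMK. In the examples below both clusters reference a KMS key through `kms_key_id`; the compliant one additionally sets `encrypted = true`, which is what makes the key take effect.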
# Noncompliant example: a Redshift cluster that references a KMS key but never
# enables encryption at rest.
resource "aws_redshift_cluster" "test" {
  cluster_identifier = "redshift-defaults-only"
  node_type          = "dc2.large"
  database_name      = "mydb"

  # NOTE(review): the admin credentials are literals, so they end up in version
  # control and in the Terraform state; supply them from a sensitive variable
  # or a secrets store instead.
  master_username = "test"
  master_password = "Test1234"

  # Noncompliant: `encrypted` is not set, so the data stored in the Redshift
  # cluster is not encrypted at rest. Supplying kms_key_id on its own does not
  # enable encryption; the key is only used together with `encrypted = true`.
  # NOTE(review): the default for `encrypted` depends on the AWS provider
  # release in use - set it explicitly rather than relying on the default.
  kms_key_id = aws_kms_key.test.arn

  # Network exposure: no public endpoint, traffic kept on VPC routing.
  # NOTE(review): the subnet group name looks like a subnet ID - confirm.
  publicly_accessible       = "false"
  cluster_subnet_group_name = "subnet-ebd9cead"
  enhanced_vpc_routing      = true

  # Audit logging is switched on.
  logging {
    enable = "true"
  }

  # No final snapshot is taken when the cluster is destroyed.
  skip_final_snapshot = true
}
# Compliant example: the same Redshift cluster with encryption at rest enabled
# and bound to a customer managed KMS key.
resource "aws_redshift_cluster" "test" {
  cluster_identifier = "redshift-defaults-only"
  node_type          = "dc2.large"
  database_name      = "mydb"

  # NOTE(review): the admin credentials are literals, so they end up in version
  # control and in the Terraform state; supply them from a sensitive variable
  # or a secrets store instead.
  master_username = "test"
  master_password = "Test1234"

  # Compliant: all data stored in the Redshift cluster is encrypted at rest.
  # `encrypted = true` turns encryption on and kms_key_id selects the customer
  # managed key; both settings are needed for CMK encryption.
  encrypted  = true
  kms_key_id = aws_kms_key.test.arn

  # Network exposure: no public endpoint, traffic kept on VPC routing.
  # NOTE(review): the subnet group name looks like a subnet ID - confirm.
  publicly_accessible       = "false"
  cluster_subnet_group_name = "subnet-ebd9cead"
  enhanced_vpc_routing      = true

  # Audit logging is switched on.
  logging {
    enable = "true"
  }

  # No final snapshot is taken when the cluster is destroyed.
  skip_final_snapshot = true
}