AWS Redshift Desired Node Type

Security
Cost optimisation

Risk level: Medium (should be achieved)

Determine if your existing Amazon Redshift cluster nodes have the desired type established by your organization based on the workload deployed. Cloud Conformity provides you with the capability to define the desired node types based on your workload requirements upon enabling this rule.

Setting limits for the type of AWS Redshift cluster nodes will help you address internal compliance requirements and prevent unexpected charges on your AWS bill.

Note 1: You can also limit your Amazon Redshift nodes to the desired instance types using the AWS Organizations service by implementing your own Service Control Policy on the master account. A Service Control Policy (SCP) is a type of policy that you can use to manage your organization. SCPs enable you to restrict what resources, services and actions the users, groups, and roles in those AWS accounts can use.

Note 2: The desired Redshift node type used as an example in this conformity rule is ds1.xlarge. To meet your own organizational requirements, you will need to configure this rule with your desired node type.

Audit

To determine if the existing nodes provisioned within your Redshift clusters have the desired node type, perform the following:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to Redshift dashboard at https://console.aws.amazon.com/redshift/.

03 In the left navigation panel, under Redshift Dashboard, click Clusters.

04 Choose the Redshift cluster that you want to examine, then click on its identifier/name link, listed in the Cluster column.

05 Within the Cluster Properties section, check the Node Type attribute value to determine the type of the node(s) provisioned within the selected cluster.

06 Repeat steps 4 and 5 to verify the node type used by the rest of the AWS Redshift clusters provisioned in the selected region.

07 If the value (i.e. node type) set for the Node Type attribute is not the same for all Redshift clusters available, the Redshift clusters created in the current region were not launched using the desired node type. In that case, you must take action and create an AWS support case to limit cluster provisioning only to the desired node type (see the Remediation / Resolution section).

08 Change the AWS region from the navigation bar and repeat steps 4 – 7 for all other regions.

Using AWS CLI

01 Run the describe-clusters command (OSX/Linux/UNIX) using custom query filters to list the type of the nodes provisioned within the existing Redshift clusters, available in the selected region:

aws redshift describe-clusters \
	--region us-east-1 \
	--query 'Clusters[*].[ClusterIdentifier,NodeType]'

02 The command output should return an array that contains pairs of metadata representing the identifier and the node(s) type for each Redshift cluster currently available:

[
    [
        "cc-webapp-cluster",
        "ds1.xlarge"
    ],
    [
        "cc-redshift-bgdb",
        "dc1.large"
    ]
]

If the value (i.e. node type) listed in the command output is not the same for all your Redshift clusters, the Redshift clusters available in the current region were not created using the desired node type. In that case, you must take action and raise an AWS support case to limit cluster creation only to the desired/required node type.

03 Repeat steps 1 and 2 to perform the audit process for all other AWS regions.
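The CLI audit steps above, combined into one multi-region pass. This is an added example, not part of the original rule page; it compares each cluster against a single desired node type (ds1.xlarge, as in Note 2). The DESIRED_NODE_TYPE variable, the function names, the --live switch and the sample rows are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: multi-region version of the describe-clusters audit.
# DESIRED_NODE_TYPE and all function names are assumptions of this example.
DESIRED_NODE_TYPE="${DESIRED_NODE_TYPE:-ds1.xlarge}"

# Read "region<TAB>cluster<TAB>node_type" rows on stdin and print only the
# rows whose node type differs from the desired one passed as $1.
flag_nonconforming() {
    awk -F'\t' -v want="$1" 'NF >= 3 && $3 != want { print $1 "\t" $2 "\t" $3 }'
}

# Emit one row per cluster in region $1, prefixed with the region name.
# Empty regions produce no rows.
list_clusters() {
    aws redshift describe-clusters \
        --region "$1" \
        --query 'Clusters[*].[ClusterIdentifier,NodeType]' \
        --output text | awk -v r="$1" 'NF { print r "\t" $0 }'
}

# Walk every region enabled for the account and report the clusters that
# were not launched with the desired node type.
audit_all_regions() {
    for region in $(aws ec2 describe-regions \
            --query 'Regions[].RegionName' --output text); do
        list_clusters "$region"
    done | flag_nonconforming "$DESIRED_NODE_TYPE"
}

# Constructed sample rows, using the two clusters from the output above.
sample_rows() {
    printf 'us-east-1\tcc-webapp-cluster\tds1.xlarge\n'
    printf 'us-east-1\tcc-redshift-bgdb\tdc1.large\n'
}

# The live audit needs configured AWS credentials, so it only runs on request.
if [ "${1:-}" = "--live" ]; then
    audit_all_regions
fi
```

An empty result from the live audit means every cluster in every enabled region uses the desired node type; each printed row is a cluster to snapshot and relaunch as described under Remediation / Resolution.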

Remediation / Resolution

To limit the new Amazon Redshift cluster nodes to the desired node type, raise an AWS support case where you explain why you need this type of limitation. For any existing Redshift cluster nodes launched without using the desired type, take snapshots of the required clusters and relaunch them using the desired node type.

To create the necessary AWS support case, perform the following actions:

Note: Creating a support case to request the node type limitation using the AWS API via Command Line Interface (CLI) is not currently supported.

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to the AWS Support Center dashboard at https://console.aws.amazon.com/support/.

03 On the Create Case page, perform the following:

  1. Under Regarding, select Account and Billing Support.
  2. Choose Other Account Issues from the Category dropdown list.
  3. In the Subject field, enter the request subject, e.g. "Limit AWS Redshift clusters launch to a desired node type".
  4. In the Description textbox, enter a brief description where you explain why you need to limit the provisioning of Redshift nodes to a specific type so that AWS support can evaluate your case faster.
  5. From Supported Language, choose your preferred correspondence language for the current case.
  6. Under Contact method, select a preferred contact method that the AWS support team can use to respond to your request.
  7. Click Submit to send the limit request to Amazon Web Services.

Publication date Sep 28, 2017