Ensure that Amazon Redshift clusters provisioned in your AWS account are using AWS Secrets Manager service to manage database access credentials in order to meet security and compliance requirements. Secrets Manager helps you protect sensitive information needed to access your AWS cloud resources such as RDS and Redshift databases. The service provides built-in integration for Amazon Redshift and can be used to rotate, manage and retrieve credentials for this type of database cluster natively.
With Amazon Secrets Manager you can secure and manage access credentials required to access Redshift database clusters. The Secrets Manager service will store Redshift cluster credentials as part of the encrypted secret value.
Audit
To determine if AWS Secrets Manager is used to manage Redshift database cluster credentials in your AWS account, perform the following actions:
Remediation / Resolution
To use Amazon Secrets Manager service to store and manage AWS Redshift database cluster credentials, perform the following actions:
References
- AWS Documentation
- AWS Secrets Manager FAQs
- AWS Secrets Manager Best Practices
- Retrieving the Secret Value
- Creating a Basic Secret
- Rotating Secrets for Amazon Redshift
- AWS Command Line Interface (CLI) Documentation
- secretsmanager
- list-secrets
- get-secret-value
- create-secret
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
AWS Secrets Manager in Use for Redshift Clusters
Risk Level: Medium