07 - Redshift Cluster Master UserName

 

Ensure your Redshift clusters are not using the default master username

Ensure that your redshift clusters do not use the default username that redshift tries to set in order to make it more difficult for credential guessing. This is considered a security best practice and should always be done. Ensuring this is enabled will help with PCI-DSS compliance.

Audit & Remediation

 

 

  • Select the Cluster hyperlink for the database cluster you would like to check.
  • Under Properties scroll down to Database configurations and look under Master user name to see if this is set to awsuser.
  • If Master user name is currently set to awsuser then you will need to create a new cluster in parallel.

 

 

  • Navigate back to the main page https://console.aws.amazon.com/redshiftv2.
  • Select Create cluster button in the top right corner of this page.
  • Under Database configurations be sure to now use a different Master user name other than the default provided.

 

 

  • !important ensure that you use the same settings that are being used with the existing cluster:
    • Encryption Keys
    • Parameter groups
  • Navigate back to the main page https://console.aws.amazon.com/redshiftv2.
  • Once your new cluster is up in a healthy state, you can now start to migrate data to the new cluster.
  • Unload your data from the old Redshift cluster and reload it into the newly created database cluster using the Amazon Redshift Unload/Copy utility. With this utility tool you can unload (export) your data from the source cluster to an AWS S3 bucket, then import it into your destination (new) cluster and clean up the S3 bucket used. All the necessary instructions to install, configure and use the Amazon Redshift Unload/Copy tool can be found at this URL.
  • Once the data migration process has completed and data loaded into the new cluster, update your application end points to point to the new cluster endpoint.
  • Once all application endpoints have been updated it is now safe to power off the old cluster and remove it from your inventory.
  • Repeat the outlined steps for each Redshift cluster you may have
    • See all of your AWS Redshift Clusters in a single place!

    Do you want to see all Redshift Clusters in once place for all regions and all accounts?
    Login to our online demo to see exactly what this looks like.
    demo.intelligentdiscovery.io

     

    Other Key Features

    Inventory

    Consolidate your inventory management with consistent and frequent security logs, inventories, and change logs. Dashboard reporting for extensive analytical value.

    learn more +

    Cost & Usage

    Access consolidated capacity, cost, and volume tools in a scaling environment without impacting production or breaking the bank.

    learn more +

    Contact us

    LDAPTIVE, LLC.
    Mount Pleasant, SC
    USA
    Email: info@ldaptive.com
    Intelligent Discovery ™

    LDAPTIVE, LLC 2018 © All Rights Reserved. Privacy Policy | Terms of Service