Question 1

Is allow_version_upgrade enforced for CIS Controls v8.0 IG1?

Accepted Answer

Yes, Ensure whether AWS Redshift clusters have the specified maintenance settings. Redshift clusters `allowVersionUpgrade` should be set to `true` and `automatedSnapshotRetentionPeriod` should be greater than 7.

Question 2

Is automated_snapshot_retention_period enforced for CIS Controls v8.0 IG1?

Accepted Answer

Yes, This control checks whether AWS Redshift clusters have automated snapshots enabled. It also checks whether the snapshot retention period is greater than or equal to seven.

Question 3

Is cloudwatch_log_group_retention_in_days enforced for CIS Controls v8.0 IG1?

Accepted Answer

Yes, Ensure a minimum duration of event log data is retained for your log groups to help with troubleshooting and forensics investigations.

Question 4

Is encrypted enforced for CIS Controls v8.0 IG1?

Accepted Answer

Yes, To protect data at rest, ensure that encryption is enabled for your AWS Redshift clusters. You must also ensure that required configurations are deployed on AWS Redshift clusters. The audit logging should be enabled to provide information about connections and user activities in the database.

Question 5

Is publicly_accessible enforced for CIS Controls v8.0 IG1?

Accepted Answer

Yes, Manage access to resources in the AWS Cloud by ensuring that AWS Redshift clusters are not public.

AWS Redshift Terraform module

Terraform Module Source