Amazon Web Services (AWS) has announced significant updates to its popular data warehousing service, Amazon Redshift, with the introduction of enhanced security features aimed at minimizing data leaks and unauthorized access.
These new default settings strengthen the security posture of newly created Redshift clusters and align with industry best practices for safeguarding sensitive data.
The updates encompass three major changes: disabling public accessibility, enabling database encryption by default, and enforcing secure connections.
These security enhancements apply to newly provisioned Amazon Redshift clusters, Serverless workgroups, and clusters restored from snapshots, offering customers a more secure and simplified setup process.
Disabling Public Accessibility:
Redshift clusters will now be private by default, accessible only within a customer’s Virtual Private Cloud (VPC).
This change limits exposure to the public internet, reducing the risk of unauthorized access. Customers requiring public access must explicitly override the default setting by configuring the PubliclyAccessible parameter during cluster creation.
AWS recommends using security groups or network access control lists (ACLs) to further control access when enabling public accessibility.
Enabling Database Encryption by Default:
All new Redshift clusters will automatically use encryption. Those created without specifying a Key Management Service (KMS) key will default to encryption using an AWS-managed key.
With this change, unencrypted clusters are no longer permitted via the AWS Management Console.
Existing workflows relying on unencrypted clusters, such as certain data-sharing configurations, will require adjustments to ensure compatibility with the new encryption requirement.
Enforcing Secure Connections (SSL):
Secure communication between applications and Redshift clusters is now enforced by default with the introduction of a new parameter group, default.redshift-2.0.
This group automatically sets the require_ssl parameter to true, ensuring that all data exchanged between applications and the database is encrypted to prevent eavesdropping and man-in-the-middle attacks.
While existing custom parameter groups remain unaffected, AWS encourages customers to update their configurations to adopt SSL across all Redshift connections.
These security enhancements are designed to reduce human error and eliminate common misconfigurations, offering customers a more secure out-of-the-box experience.
AWS has advised organizations to review their existing Redshift configurations, scripts, and workflows to align with the new defaults and avoid disruptions.
Amazon Redshift’s new security features underscore AWS’s commitment to protecting customer data while delivering scalable and user-friendly cloud solutions.
For businesses relying on Redshift for data warehousing, these updates mark a crucial step toward better cybersecurity and regulatory compliance.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free
Cisco has issued an urgent security advisory (cisco-sa-twamp-kV4FHugn) warning of a critical vulnerability in its…
OpenCTI (Open Cyber Threat Intelligence) stands out as a free, open source platform specifically designed…
The notorious LockBit ransomware group, once considered one of the world’s most prolific cyber extortion…
A critical security flaw has been discovered in Cisco IOS XE Wireless LAN Controllers (WLCs),…
Flashpoint analysts have reported that between April 2024 and April 2025, the financial sector emerged…
The Agenda ransomware group, also known as Qilin, has been reported to intensify its attacks…