Amazon Redshift

Redshift Automated Snapshot Retention Period Not Set

Risk Level: Low

Description

This plugin ensures that a valid retention period is set for Amazon Redshift automated snapshots. Automated snapshots must be taken at regular intervals to ensure data protection for the cluster databases.

About the Service

Amazon Redshift: Amazon Redshift is a data warehouse service with fast and secure data analysis features. It is a powerful and robust service offered by Amazon to run SQL queries and even deploy ML (Machine Learning) models on the data. For additional monitoring benefits, it also provides access to real-time operational analytics.

Impact

Not enabling automated snapshots opens the door to a new type of attack. By identifying that snapshots are disabled for your cluster, attackers can not only steal the data but also hold it for ransom. Automated snapshots also prevent data loss if a cluster is accidentally deleted.

Steps to Reproduce

Using AWS Console:

  1. Log in to your AWS Console.
  2. Open the Amazon Redshift Console. You can use this link (https://console.aws.amazon.com/redshiftv2/) to navigate directly if already logged in.
  3. From the left navigation pane, click on Clusters.
  4. A list of clusters will be displayed. Select the cluster you want to examine by clicking on its Cluster Name.
  5. Move to the Maintenance tab.
  6. In the Backup details, check the value of “Snapshot retention period”. If it is set to “0 days”, the cluster is vulnerable.
  7. Repeat these steps for all the clusters you wish to examine.

Steps for Remediation

Modify the Amazon Redshift cluster to set a snapshot retention period.

  1. Log in to your AWS Console.
  2. Open the Amazon Redshift Console. You can use this link (https://console.aws.amazon.com/redshiftv2/) to navigate directly if already logged in.
  3. From the left navigation pane, click on Clusters.
  4. A list of clusters will be displayed. Select the vulnerable cluster by clicking on its Cluster Name.
  5. Move to the Maintenance tab.
  6. In the Backup details, click on Edit.
  7. In the Retention Period section, specify the number of days for which you wish to retain the snapshots.
  8. Repeat these steps for all the vulnerable clusters.
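
The console check and remediation above can also be scripted across every cluster in an account. The following is an added example, not part of the original plugin: it audits the `AutomatedSnapshotRetentionPeriod` field returned by `describe-clusters` and prints the matching `modify-cluster` command for each finding. The cluster names and the sample response are constructed, and the `audit_retention` and `fetch_clusters` helper names are hypothetical.

```python
import json

# Constructed sample, shaped like the output of `aws redshift describe-clusters`.
SAMPLE_RESPONSE = json.loads("""
{"Clusters": [
  {"ClusterIdentifier": "analytics-prod", "ClusterStatus": "available",
   "AutomatedSnapshotRetentionPeriod": 7},
  {"ClusterIdentifier": "reporting-dev", "ClusterStatus": "available",
   "AutomatedSnapshotRetentionPeriod": 0},
  {"ClusterIdentifier": "etl-staging", "ClusterStatus": "paused",
   "AutomatedSnapshotRetentionPeriod": 1}
]}
""")


def audit_retention(clusters, minimum_days=1):
    """Return one finding per cluster that retains automated snapshots for
    fewer than minimum_days. A value of 0 means automated snapshots are off."""
    findings = []
    for cluster in clusters:
        days = cluster.get("AutomatedSnapshotRetentionPeriod")
        if days is not None and days >= minimum_days:
            continue  # compliant
        name = cluster["ClusterIdentifier"]
        findings.append({
            "cluster": name,
            "retention_days": days,
            "reason": ("disabled" if days == 0 else
                       "missing" if days is None else "below minimum"),
            # CLI equivalent of the console remediation steps
            "fix": ("aws redshift modify-cluster "
                    f"--cluster-identifier {name} "
                    f"--automated-snapshot-retention-period {minimum_days}"),
        })
    return findings


def fetch_clusters(region):
    """Live lookup; needs boto3 and the redshift:DescribeClusters permission."""
    import boto3  # imported here so the offline audit runs without it
    client = boto3.client("redshift", region_name=region)
    pages = client.get_paginator("describe_clusters").paginate()
    return [c for page in pages for c in page["Clusters"]]


if __name__ == "__main__":
    for f in audit_retention(SAMPLE_RESPONSE["Clusters"]):
        print(f"{f['cluster']}: {f['reason']} ({f['retention_days']} days)")
        print(f"  remediate: {f['fix']}")
```

To run it against a live account, pass `fetch_clusters("<region>")` to `audit_retention` in place of the sample, and raise `minimum_days` if your backup policy requires more than one day of retention.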