Amazon Redshift to enhance security by changing default behavior

Posted on: Nov 18, 2024

Security is the top priority at Amazon Web Services (AWS). To that end, Amazon Redshift is introducing enhanced security defaults that help you adhere to best practices in data security and reduce the risk of potential misconfigurations.

Three default security changes will take effect after January 10, 2025. First, public accessibility will be disabled by default for all newly created provisioned clusters and clusters restored from snapshots. By default, connections to clusters will only be permitted from client applications within the same Virtual Private Cloud (VPC). Second, database encryption will be enabled by default for provisioned clusters. When creating a provisioned cluster without specifying a KMS key, the cluster will automatically be encrypted with an AWS-owned key. Third, Amazon Redshift will enforce SSL connections by default for clients connecting to newly created provisioned and restored data warehouses. This default change will also apply to new serverless workgroups.

Please review your data warehouse creation configurations, scripts, and tools to make necessary changes to align with new default settings before January 10, 2025, to avoid any potential disruption. You will still have the ability to modify cluster or workgroup settings to change the default behavior. Your existing data warehouses will not be impacted by these security enhancements. However, it is recommended you review and update your configurations to align with the new default security settings in order to further strengthen the security posture.
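One way to carry out that review for provisioned clusters, as an added example that is not AWS code: the script below checks create-cluster parameter sets for settings left to the defaults or explicitly opting out of the new ones. It assumes the parameter names of boto3's `create_cluster` call and that SSL enforcement follows the parameter group's `require_ssl` value; all identifiers and the helper names `audit_request` and `audit_all` are constructed for illustration.

```python
# Added example: audit create-cluster parameter sets for reliance on old defaults.
# Inputs mimic keyword arguments for boto3's redshift.create_cluster();
# every identifier below is a constructed placeholder.
SAMPLE_REQUESTS = [
    {"ClusterIdentifier": "example-implicit", "NodeType": "ra3.xlplus"},
    {"ClusterIdentifier": "example-explicit", "NodeType": "ra3.xlplus",
     "PubliclyAccessible": False, "Encrypted": True,
     "ClusterParameterGroupName": "example-ssl-on"},
    {"ClusterIdentifier": "example-optout", "NodeType": "ra3.xlplus",
     "PubliclyAccessible": True, "Encrypted": False,
     "ClusterParameterGroupName": "example-ssl-off"},
]
# Assumed require_ssl values of the custom parameter groups named above.
SAMPLE_PARAM_GROUPS = {"example-ssl-on": True, "example-ssl-off": False}


def audit_request(params, param_groups):
    """Return (setting, status) pairs; status is 'implicit', 'opt-out' or 'review'."""
    findings = []

    # Public accessibility: omitted means the new default (private) applies.
    if "PubliclyAccessible" not in params:
        findings.append(("public-access", "implicit"))
    elif params["PubliclyAccessible"]:
        findings.append(("public-access", "opt-out"))

    # Encryption: omitted means the cluster is encrypted after the change.
    if "Encrypted" not in params:
        findings.append(("encryption", "implicit"))
    elif not params["Encrypted"]:
        findings.append(("encryption", "opt-out"))

    # SSL: no custom parameter group means the default SSL enforcement applies.
    group = params.get("ClusterParameterGroupName")
    if group is None:
        findings.append(("ssl", "implicit"))
    elif group not in param_groups:
        findings.append(("ssl", "review"))  # require_ssl value unknown offline
    elif not param_groups[group]:
        findings.append(("ssl", "opt-out"))
    return findings


def audit_all(requests, param_groups):
    """Map each cluster identifier to its list of findings."""
    return {r["ClusterIdentifier"]: audit_request(r, param_groups) for r in requests}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_REQUESTS, SAMPLE_PARAM_GROUPS).items():
        print(name, findings or "explicit settings match the new defaults")
```

An `implicit` finding marks a setting whose behavior changes after January 10, 2025 unless the script sets it explicitly; an `opt-out` finding marks a deliberate departure from the new defaults that should be justified.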

These new default changes will be implemented in all AWS regions where Amazon Redshift is available. For more information, please refer to our documentation.