Amazon Redshift Security & Governance

Protect your data through industry-leading security and access management features at no additional cost

Spend less time building custom solutions to monitor and protect your data so you can focus on deriving insights from data. Amazon Redshift supports industry-leading security with built-in identity management and federation for single sign-on (SSO), multi-factor authentication, granular access control, Amazon Virtual Private Cloud (Amazon VPC), and faster cluster resize. With Amazon Redshift, your data is encrypted in transit and at rest. All Amazon Redshift security features are offered at no additional cost to satisfy the most demanding security, privacy, and compliance requirements. AWS supports more security standards and compliance certifications than any other provider, including ISO 27001, SOC, HIPAA/HITECH, and FedRAMP.

Benefits

Outstanding infrastructure security

Control network access to your data warehouse cluster through firewall rules. Using Amazon Virtual Private Cloud (VPC), isolate your Redshift data warehouse cluster in your own virtual network. Connect to your existing IT infrastructure using open standard encrypted IPsec VPN without using public IPs or requiring traffic to traverse the internet. You can keep your data encrypted at rest and in transit. AWS supports more security standards and compliance certifications than any other provider.

Comprehensive identity management with granular authorization

Use AWS Identity and Access Management (IAM) to authenticate requests and improve the security of your resources. Role-based Access Control (RBAC) simplifies security permissions in Amazon Redshift and controls end user access to data at a broad or granular level based on permission rights and data sensitivity. You can also map database users to IAM roles for federated access. Restrict access to data at row or column level and based on roles with column-level security (CLS) and row-level security (RLS) controls. Combine these controls to enforce granular access to data. Use dynamic data masking in Amazon Redshift to selectively mask personal information data at query time based on job role/permission rights and level of data sensitivity. Control the data masking policies with SQL commands and restrict different levels of permissions to masked data by applying Amazon Redshift RBAC.

Continual audit and compliance

Amazon Redshift integrates with AWS CloudTrail to audit all Redshift API calls. Amazon Redshift logs all SQL operations, including connection attempts, queries, and changes to your data warehouse. It enables faster delivery of audit logs for analysis by minimizing latency while also including Amazon CloudWatch as a new log destination. You can choose to stream audit logs directly to Amazon CloudWatch for real-time monitoring. Amazon Redshift offers a strong compliance framework and advanced tools and security measures that customers can use to evaluate, meet, and demonstrate compliance with applicable legal and regulatory requirements.

Simplified governance

Simplify governance of Amazon Redshift Data Shares with AWS Lake Formation to centrally manage data being shared across your organization. With AWS Lake Formation governing data sharing, you now have better visibility and control of data being shared across accounts within your organization. Data administrators can define policies once and execute them consistently across Amazon Redshift Data Shares to improve the security of your data, and to manage granular entitlements.

Customers

"We’re excited about this new and deeper level of integration with Amazon Redshift. Our joint customers in security-forward and highly regulated sectors including Financial Services, Healthcare, and Pharmaceutical need to have incredibly fine-grained control over which users are allowed to access what data, and under which specific contexts. The new role-level security (RLS) capabilities will allow our customers to precisely dictate data access controls based on their business entitlements while abstracting them away from the technical complexities. The new Amazon Redshift RLS capability will enable our joint customers to model policies at the business level, deploy and enforce them via a security-as-code model, ensuring secure and consistent access to their sensitive data."

Ganesh Kirti, Founder and CEO - TrustLogix

"We are delighted about the row level security (RLS) feature within Amazon Redshift. We had to apply workarounds through views to handle our RLS requirements. With the new RLS within Amazon Redshift, it allows us to create/attach granular policies that apply to the entire set of users/roles and ensure they comply with the organization's standards for data security, compliance, and privacy."

Deepak Senthilkumar, Director of Software Engineering – LexisNexis


Baffle delivers data-centric protection for enterprises via a data security platform that is transparent to applications and unique to data security.

“Our mission is to seamlessly weave data security into every data pipeline. Previously, to apply data masking to an Amazon Redshift data source, we had to stage the data in an Amazon S3 bucket. Now, by utilizing the Amazon Redshift Dynamic Data Masking capability, our customers can protect sensitive data throughout the analytics pipeline, from secure ingestion to responsible consumption, reducing the risk of breaches.”

Ameesh Divatia, CEO & co-founder of Baffle


United Airlines is in the business of connecting people and uniting the world.

"As a data-driven enterprise, United is trying to create a unified data and analytics experience for our analytics community that will innovate and build modern data-driven applications. We believe we can achieve this by building a purpose-built data mesh architecture using a variety of AWS services like Athena, AuroraDB, Amazon Redshift, and Lake Formation to simplify management and governance around granular data access and collaboration."

Ashok Srinivas, Director of ML Engineering and Sarang Bapat, Director of Data Engineering – United Airlines

Resources

Video

Introducing role-based access control in Amazon Redshift

Blog

Integrate Amazon Redshift native IdP federation with Microsoft Azure AD and Power BI

Blog

Simplify management of database permissions in Amazon Redshift using role-based access control

What's new

Amazon Redshift announces support for role-based access control (RBAC)

What's new

Amazon Redshift announces native integration with Microsoft Azure Active Directory and Microsoft Power BI

Developer Guide

Role-based access control

Blog

Achieve fine-grained data security with row-level access control in Amazon Redshift
