Query: Redshift security groups should allow ingress on the cluster port only from restricted origins

Description

This control checks whether a security group associated with an Amazon Redshift cluster has ingress rules that permit access to the cluster port from the internet (0.0.0.0/0 or ::/0). The control fails if the security group ingress rules permit access to the cluster port from the internet.

Query

Tables used in this query:

• aws_redshift_cluster
• aws_vpc_security_group_rule

Controls using this query:

• 15 Redshift security groups should allow ingress on the cluster port only from restricted origins
• Redshift security groups should allow ingress on the cluster port only from restricted origins

SQL