The aws-redshift mod contains resource, control and policy definitions for the AWS Redshift service.
Resource Types
Resource types covered by this mod:
- AWS > Redshift
- AWS > Redshift > Cluster
- AWS > Redshift > Cluster Parameter Group
- AWS > Redshift > Manual Cluster Snapshot
- AWS > Redshift > Cluster Subnet Group
Permissions
The permissions for Redshift and the grant level associated with each:
Permission | Grant Level | Help |
---|---|---|
cloudwatch:DescribeAlarmHistory | Metadata | For console access |
cloudwatch:DescribeAlarms | Metadata | For console access |
cloudwatch:DescribeAlarmsForMetric | Metadata | For console access |
cloudwatch:GetMetricStatistics | Metadata | For console access |
cloudwatch:ListMetrics | Metadata | For console access |
ec2:DescribeAccountAttributes | Metadata | Metadata for console access |
ec2:DescribeAddresses | Metadata | Metadata for console access |
ec2:DescribeAvailabilityZones | Metadata | Metadata for console access |
ec2:DescribeInternetGateways | Metadata | Metadata for console access |
ec2:DescribeSecurityGroups | Metadata | Metadata for console access |
ec2:DescribeSubnets | Metadata | Metadata for console access |
ec2:DescribeVpcs | Metadata | Metadata for console access |
redshift-data:BatchExecuteStatement | Admin | Grants permission to execute multiple queries under a single connection. |
redshift-data:CancelStatement | Admin | Grants permission to cancel a running query |
redshift-data:DescribeStatement | Metadata | Grants permission to retrieve detailed information about a statement execution |
redshift-data:DescribeTable | Metadata | Grants permission to retrieve metadata about a particular table |
redshift-data:ExecuteStatement | Admin | Grants permission to execute a query |
redshift-data:GetStatementResult | Metadata | Grants permission to fetch the result of a query |
redshift-data:ListDatabases | Metadata | Grants permission to list databases for a given cluster |
redshift-data:ListSchemas | Metadata | Grants permission to list schemas for a given cluster |
redshift-data:ListStatements | Metadata | Grants permission to list queries for a given principal |
redshift-data:ListTables | Metadata | Grants permission to list tables for a given cluster |
redshift:AcceptReservedNodeExchange | Operator | |
redshift:AddPartner | Admin | |
redshift:AssociateDataShareConsumer | Admin | |
redshift:AuthorizeClusterSecurityGroupIngress | Admin | Adds an inbound (ingress) rule to an Amazon Redshift security group. Only used for non-VPC clusters |
redshift:AuthorizeDataShare | Admin | |
redshift:AuthorizeEndpointAccess | Admin | |
redshift:AuthorizeSnapshotAccess | Admin | Allows cross-account snapshot sharing |
redshift:BatchDeleteClusterSnapshots | Admin | Admins can delete a set of cluster snapshots. High risk |
redshift:BatchModifyClusterSnapshots | Admin | Admins can modify the settings for a list of snapshots. |
redshift:CancelQuery | Admin | |
redshift:CancelQuerySession | Operator | Low risk |
redshift:CancelResize | Admin | |
redshift:CopyClusterSnapshot | Operator | Low risk |
redshift:CreateAuthenticationProfile | Admin | |
redshift:CreateEndpointAccess | Admin | |
redshift:CreateCluster | Operator | Low risk |
redshift:CreateClusterParameterGroup | Admin | Turbot manages low skill parameters |
redshift:CreateClusterSecurityGroup | Admin | Administrators can create Amazon Redshift security groups. Only used for non-VPC clusters |
redshift:CreateClusterSnapshot | Operator | Low risk |
redshift:CreateClusterSubnetGroup | Admin | Administrators can manage custom subnet groups |
redshift:CreateClusterUser | Admin | Admins can auto create the specified redshift user if it does not exist. |
redshift:CreateEventSubscription | Operator | Low risk |
redshift:CreateHsmClientCertificate | Admin | |
redshift:CreateHsmConfiguration | Admin | |
redshift:CreateSavedQuery | Admin | |
redshift:CreateScheduledAction | Admin | |
redshift:CreateSnapshotCopyGrant | Admin | Creates a snapshot copy grant that permits Amazon Redshift to use a customer master key (CMK) from AWS Key Management Service (AWS KMS) to encrypt copied snapshots in a destination region. |
redshift:CreateSnapshotSchedule | Operator | |
redshift:CreateTags | Operator | |
redshift:CreateUsageLimit | Admin | |
redshift:DeauthorizeDataShare | Admin | |
redshift:DeleteAuthenticationProfile | Admin | |
redshift:DeleteCluster | Admin | High risk |
redshift:DeleteClusterParameterGroup | Admin | Turbot manages low skill parameters |
redshift:DeleteClusterSecurityGroup | Admin | Only used for non-VPC clusters |
redshift:DeleteClusterSnapshot | Admin | High risk |
redshift:DeleteClusterSubnetGroup | Admin | Administrators can manage custom subnet groups |
redshift:DeleteEndpointAccess | Admin | |
redshift:DeleteEventSubscription | Operator | Low risk |
redshift:DeleteHsmClientCertificate | Admin | HSM not yet supported by Turbot |
redshift:DeleteHsmConfiguration | Admin | HSM not yet supported by Turbot |
redshift:DeletePartner | Admin | |
redshift:DeleteSavedQueries | Admin | |
redshift:DeleteScheduledAction | Admin | |
redshift:DeleteSnapshotCopyGrant | Admin | Not supported by Turbot until the use case is better understood. |
redshift:DeleteSnapshotSchedule | Operator | |
redshift:DeleteTags | Operator | |
redshift:DeleteUsageLimit | Admin | |
redshift:DescribeAccountAttributes | Metadata | |
redshift:DescribeAuthenticationProfiles | Metadata | |
redshift:DescribeClusterDbRevisions | Metadata | |
redshift:DescribeClusterParameterGroups | Metadata | |
redshift:DescribeClusterParameters | Metadata | |
redshift:DescribeClusterSecurityGroups | Metadata | |
redshift:DescribeClusterSnapshots | Metadata | |
redshift:DescribeClusterSubnetGroups | Metadata | |
redshift:DescribeClusterTracks | Metadata | Returns a list of all the available maintenance tracks. |
redshift:DescribeClusterVersions | Metadata | |
redshift:DescribeClusters | Metadata | |
redshift:DescribeDataShares | Metadata | |
redshift:DescribeDataSharesForConsumer | Metadata | |
redshift:DescribeDataSharesForProducer | Metadata | |
redshift:DescribeDefaultClusterParameters | Metadata | |
redshift:DescribeEndpointAccess | Metadata | |
redshift:DescribeEndpointAuthorization | Metadata | |
redshift:DescribeEventCategories | Metadata | |
redshift:DescribeEventSubscriptions | Metadata | |
redshift:DescribeEvents | Metadata | |
redshift:DescribeHsmClientCertificates | Metadata | |
redshift:DescribeHsmConfigurations | Metadata | |
redshift:DescribeLoggingStatus | Metadata | |
redshift:DescribeNodeConfigurationOptions | Metadata | |
redshift:DescribePartners | Metadata | |
redshift:DescribeOrderableClusterOptions | Metadata | |
redshift:DescribeQuery | Admin | |
redshift:DescribeReservedNodeOfferings | Metadata | |
redshift:DescribeReservedNodes | Metadata | |
redshift:DescribeResize | Metadata | |
redshift:DescribeSavedQueries | Admin | |
redshift:DescribeScheduledActions | Metadata | |
redshift:DescribeSnapshotCopyGrants | Metadata | |
redshift:DescribeSnapshotSchedules | Metadata | |
redshift:DescribeStorage | Metadata | |
redshift:DescribeTable | Admin | |
redshift:DescribeTableRestoreStatus | Metadata | |
redshift:DescribeTags | Metadata | |
redshift:DescribeUsageLimits | Metadata | |
redshift:DisableLogging | Admin | |
redshift:DisableSnapshotCopy | Operator | Low risk since old snapshots are not deleted |
redshift:DisassociateDataShareConsumer | Admin | |
redshift:EnableLogging | Admin | |
redshift:EnableSnapshotCopy | Operator | Low risk |
redshift:ExecuteQuery | Admin | Admins can use query editor for creating and listing tables and other info. |
redshift:FetchResults | Admin | |
redshift:GetClusterCredentials | Admin | |
redshift:GetReservedNodeExchangeOfferings | Metadata | |
redshift:JoinGroup | Admin | |
redshift:ListDatabases | Admin | |
redshift:ListSavedQueries | Metadata | |
redshift:ListSchemas | Admin | |
redshift:ListTables | Admin | |
redshift:ModifyAquaConfiguration | Admin | |
redshift:ModifyAuthenticationProfile | Admin | |
redshift:ModifyCluster | Admin | Turbot manages low skill parameters |
redshift:ModifyClusterDbRevision | Admin | |
redshift:ModifyClusterIamRoles | Admin | Administrators can assign roles to Redshift |
redshift:ModifyClusterMaintenance | Operator | Operators can modify the maintenance settings of a cluster. |
redshift:ModifyClusterParameterGroup | Admin | Turbot manages low skill parameters |
redshift:ModifyClusterSnapshot | Operator | |
redshift:ModifyClusterSnapshotSchedule | Operator | |
redshift:ModifyClusterSubnetGroup | Admin | Administrators can manage custom subnet groups |
redshift:ModifyEndpointAccess | Admin | |
redshift:ModifyEventSubscription | Operator | Low risk |
redshift:ModifySavedQuery | Admin | |
redshift:ModifyScheduledAction | Admin | |
redshift:ModifySnapshotCopyRetentionPeriod | Admin | Can be decreased |
redshift:ModifySnapshotSchedule | Operator | |
redshift:ModifyUsageLimit | Admin | |
redshift:PauseCluster | Operator | |
redshift:PurchaseReservedNodeOffering | Owner | Owners are responsible for cost commitments. |
redshift:RebootCluster | Operator | Medium risk. Impacts availability. |
redshift:RejectDataShare | Operator | |
redshift:ResetClusterParameterGroup | Admin | Turbot manages low skill parameters |
redshift:ResizeCluster | Admin | Admin can change the size of the cluster. Cluster type |
redshift:RestoreFromClusterSnapshot | Operator | Low risk |
redshift:RestoreTableFromClusterSnapshot | Operator | Low risk |
redshift:ResumeCluster | Operator | |
redshift:RevokeClusterSecurityGroupIngress | Admin | Only used for non-VPC clusters |
redshift:RevokeEndpointAccess | Admin | |
redshift:RevokeSnapshotAccess | Admin | Allows cross-account snapshot sharing |
redshift:RotateEncryptionKey | Operator | Medium risk. No impact on data since keys managed by Redshift |
redshift:UpdatePartnerStatus | Admin | |
redshift:ViewQueriesFromConsole | Metadata | |
redshift:ViewQueriesInConsole | Metadata | No data |
sns:GetEndpointAttributes | Metadata | For console access |
sns:GetPlatformApplicationAttributes | Metadata | For console access |
sns:GetSubscriptionAttributes | Metadata | For console access |
sns:GetTopicAttributes | Metadata | For console access |
sns:ListEndpointsByPlatformApplication | Metadata | For console access |
sns:ListPlatformApplications | Metadata | For console access |
sns:ListSubscriptionsByTopic | Metadata | For console access |
sqlworkbench:AssociateConnectionWithChart | Admin | |
sqlworkbench:AssociateConnectionWithTab | Admin | |
sqlworkbench:AssociateNotebookWithTab | Admin | |
sqlworkbench:AssociateQueryWithTab | Admin | |
sqlworkbench:BatchDeleteFolder | Admin | |
sqlworkbench:BatchGetNotebookCell | Metadata | |
sqlworkbench:CreateAccount | Admin | |
sqlworkbench:CreateChart | Admin | |
sqlworkbench:CreateConnection | Admin | |
sqlworkbench:CreateFolder | Admin | |
sqlworkbench:CreateNotebook | Admin | |
sqlworkbench:CreateNotebookCell | Admin | |
sqlworkbench:CreateNotebookFromVersion | Admin | |
sqlworkbench:CreateNotebookVersion | Admin | |
sqlworkbench:CreateSavedQuery | Admin | |
sqlworkbench:DeleteChart | Admin | |
sqlworkbench:DeleteConnection | Admin | |
sqlworkbench:DeleteNotebook | Admin | |
sqlworkbench:DeleteNotebookCell | Admin | |
sqlworkbench:DeleteNotebookVersion | Admin | |
sqlworkbench:DeleteSavedQuery | Admin | |
sqlworkbench:DeleteTab | Admin | |
sqlworkbench:DriverExecute | Admin | |
sqlworkbench:DuplicateNotebook | Admin | |
sqlworkbench:ExportNotebook | Operator | |
sqlworkbench:GenerateSession | Admin | |
sqlworkbench:GetAccountInfo | Metadata | |
sqlworkbench:GetAccountSettings | Metadata | |
sqlworkbench:GetAutocompletionMetadata | Metadata | |
sqlworkbench:GetAutocompletionResource | Metadata | |
sqlworkbench:GetChart | Metadata | |
sqlworkbench:GetConnection | Metadata | |
sqlworkbench:GetKMSKey | Metadata | |
sqlworkbench:GetNotebook | Metadata | |
sqlworkbench:GetNotebookVersion | Metadata | |
sqlworkbench:GetQueryExecutionHistory | Metadata | |
sqlworkbench:GetSavedQuery | Metadata | |
sqlworkbench:GetSchemaInference | Metadata | |
sqlworkbench:GetUserInfo | Metadata | |
sqlworkbench:GetUserWorkspaceSettings | Metadata | |
sqlworkbench:ImportNotebook | Operator | |
sqlworkbench:ListBuckets | Metadata | |
sqlworkbench:ListConnections | Metadata | |
sqlworkbench:ListDatabases | Metadata | |
sqlworkbench:ListFiles | Metadata | |
sqlworkbench:ListKMSKeyAliases | Metadata | |
sqlworkbench:ListKMSKeys | Metadata | |
sqlworkbench:ListNotebooks | Metadata | |
sqlworkbench:ListNotebookVersions | Metadata | |
sqlworkbench:ListQueryExecutionHistory | Metadata | |
sqlworkbench:ListRedshiftClusters | Metadata | |
sqlworkbench:ListSampleDatabases | Metadata | |
sqlworkbench:ListSavedQueryVersions | Metadata | |
sqlworkbench:ListTabs | Metadata | |
sqlworkbench:ListTaggedResources | Metadata | |
sqlworkbench:ListTagsForResource | Metadata | |
sqlworkbench:PutTab | Admin | |
sqlworkbench:PutUserWorkspaceSettings | Admin | |
sqlworkbench:RestoreNotebookVersion | Operator | |
sqlworkbench:TagResource | Operator | |
sqlworkbench:UntagResource | Operator | |
sqlworkbench:UpdateAccountConnectionSettings | Admin | |
sqlworkbench:UpdateAccountExportSettings | Admin | |
sqlworkbench:UpdateAccountGeneralSettings | Admin | |
sqlworkbench:UpdateChart | Admin | |
sqlworkbench:UpdateConnection | Admin | |
sqlworkbench:UpdateFileFolder | Admin | |
sqlworkbench:UpdateFolder | Admin | |
sqlworkbench:UpdateNotebook | Admin | |
sqlworkbench:UpdateNotebookCellContent | Admin | |
sqlworkbench:UpdateNotebookCellLayout | Admin | |
sqlworkbench:UpdateSavedQuery | Admin | |
Resource Types
- AWS > Redshift
- AWS > Redshift > Cluster
- AWS > Redshift > Cluster Parameter Group
- AWS > Redshift > Cluster Subnet Group
- AWS > Redshift > Manual Cluster Snapshot
Control Types
- AWS > Redshift > Cluster > Active
- AWS > Redshift > Cluster > Approved
- AWS > Redshift > Cluster > Audit Logging
- AWS > Redshift > Cluster > Backup Retention Period
- AWS > Redshift > Cluster > CMDB
- AWS > Redshift > Cluster > Discovery
- AWS > Redshift > Cluster > Encryption at Rest
- AWS > Redshift > Cluster > Encryption in Transit
- AWS > Redshift > Cluster > Parameter Group
- AWS > Redshift > Cluster > Publicly Accessible
- AWS > Redshift > Cluster > Schedule
- AWS > Redshift > Cluster > Tags
- AWS > Redshift > Cluster > Usage
- AWS > Redshift > Cluster Parameter Group > Active
- AWS > Redshift > Cluster Parameter Group > Approved
- AWS > Redshift > Cluster Parameter Group > CMDB
- AWS > Redshift > Cluster Parameter Group > Discovery
- AWS > Redshift > Cluster Parameter Group > Tags
- AWS > Redshift > Cluster Parameter Group > Usage
- AWS > Redshift > Cluster Subnet Group > Active
- AWS > Redshift > Cluster Subnet Group > Approved
- AWS > Redshift > Cluster Subnet Group > CMDB
- AWS > Redshift > Cluster Subnet Group > Discovery
- AWS > Redshift > Cluster Subnet Group > Tags
- AWS > Redshift > Cluster Subnet Group > Usage
- AWS > Redshift > Manual Cluster Snapshot > Active
- AWS > Redshift > Manual Cluster Snapshot > Approved
- AWS > Redshift > Manual Cluster Snapshot > CMDB
- AWS > Redshift > Manual Cluster Snapshot > Discovery
- AWS > Redshift > Manual Cluster Snapshot > Tags
- AWS > Redshift > Manual Cluster Snapshot > Trusted Access
- AWS > Redshift > Manual Cluster Snapshot > Usage
Policy Types
- AWS > Redshift > API Enabled
- AWS > Redshift > Approved Regions [Default]
- AWS > Redshift > Cluster > Active
- AWS > Redshift > Cluster > Active > Age
- AWS > Redshift > Cluster > Active > Budget
- AWS > Redshift > Cluster > Active > Last Modified
- AWS > Redshift > Cluster > Approved
- AWS > Redshift > Cluster > Approved > Budget
- AWS > Redshift > Cluster > Approved > Custom
- AWS > Redshift > Cluster > Approved > Regions
- AWS > Redshift > Cluster > Approved > Usage
- AWS > Redshift > Cluster > Audit Logging
- AWS > Redshift > Cluster > Audit Logging > Bucket
- AWS > Redshift > Cluster > Audit Logging > Key Prefix
- AWS > Redshift > Cluster > Audit Logging > User Activity Logging
- AWS > Redshift > Cluster > Backup Retention Period
- AWS > Redshift > Cluster > Backup Retention Period > Days
- AWS > Redshift > Cluster > CMDB
- AWS > Redshift > Cluster > Encryption at Rest
- AWS > Redshift > Cluster > Encryption at Rest > Customer Managed Key
- AWS > Redshift > Cluster > Encryption in Transit
- AWS > Redshift > Cluster > Parameter Group
- AWS > Redshift > Cluster > Parameter Group > Name
- AWS > Redshift > Cluster > Publicly Accessible
- AWS > Redshift > Cluster > Regions
- AWS > Redshift > Cluster > Schedule
- AWS > Redshift > Cluster > Schedule Tag
- AWS > Redshift > Cluster > Tags
- AWS > Redshift > Cluster > Tags > Template
- AWS > Redshift > Cluster > Usage
- AWS > Redshift > Cluster > Usage > Limit
- AWS > Redshift > Cluster Parameter Group > Active
- AWS > Redshift > Cluster Parameter Group > Active > Age
- AWS > Redshift > Cluster Parameter Group > Active > Budget
- AWS > Redshift > Cluster Parameter Group > Active > Last Modified
- AWS > Redshift > Cluster Parameter Group > Approved
- AWS > Redshift > Cluster Parameter Group > Approved > Budget
- AWS > Redshift > Cluster Parameter Group > Approved > Custom
- AWS > Redshift > Cluster Parameter Group > Approved > Regions
- AWS > Redshift > Cluster Parameter Group > Approved > Usage
- AWS > Redshift > Cluster Parameter Group > CMDB
- AWS > Redshift > Cluster Parameter Group > Regions
- AWS > Redshift > Cluster Parameter Group > Tags
- AWS > Redshift > Cluster Parameter Group > Tags > Template
- AWS > Redshift > Cluster Parameter Group > Usage
- AWS > Redshift > Cluster Parameter Group > Usage > Limit
- AWS > Redshift > Cluster Subnet Group > Active
- AWS > Redshift > Cluster Subnet Group > Active > Age
- AWS > Redshift > Cluster Subnet Group > Active > Last Modified
- AWS > Redshift > Cluster Subnet Group > Approved
- AWS > Redshift > Cluster Subnet Group > Approved > Custom
- AWS > Redshift > Cluster Subnet Group > Approved > Regions
- AWS > Redshift > Cluster Subnet Group > Approved > Usage
- AWS > Redshift > Cluster Subnet Group > CMDB
- AWS > Redshift > Cluster Subnet Group > Regions
- AWS > Redshift > Cluster Subnet Group > Tags
- AWS > Redshift > Cluster Subnet Group > Tags > Template
- AWS > Redshift > Cluster Subnet Group > Usage
- AWS > Redshift > Cluster Subnet Group > Usage > Limit
- AWS > Redshift > Enabled
- AWS > Redshift > Manual Cluster Snapshot > Active
- AWS > Redshift > Manual Cluster Snapshot > Active > Age
- AWS > Redshift > Manual Cluster Snapshot > Active > Budget
- AWS > Redshift > Manual Cluster Snapshot > Active > Last Modified
- AWS > Redshift > Manual Cluster Snapshot > Approved
- AWS > Redshift > Manual Cluster Snapshot > Approved > Budget
- AWS > Redshift > Manual Cluster Snapshot > Approved > Custom
- AWS > Redshift > Manual Cluster Snapshot > Approved > Encryption at Rest
- AWS > Redshift > Manual Cluster Snapshot > Approved > Encryption at Rest > Customer Managed Key
- AWS > Redshift > Manual Cluster Snapshot > Approved > Regions
- AWS > Redshift > Manual Cluster Snapshot > Approved > Usage
- AWS > Redshift > Manual Cluster Snapshot > CMDB
- AWS > Redshift > Manual Cluster Snapshot > Regions
- AWS > Redshift > Manual Cluster Snapshot > Tags
- AWS > Redshift > Manual Cluster Snapshot > Tags > Template
- AWS > Redshift > Manual Cluster Snapshot > Trusted Access
- AWS > Redshift > Manual Cluster Snapshot > Trusted Access > Accounts
- AWS > Redshift > Manual Cluster Snapshot > Usage
- AWS > Redshift > Manual Cluster Snapshot > Usage > Limit
- AWS > Redshift > Permissions
- AWS > Redshift > Permissions > Levels
- AWS > Redshift > Permissions > Levels > Modifiers
- AWS > Redshift > Permissions > Lockdown
- AWS > Redshift > Permissions > Lockdown > API Boundary
- AWS > Redshift > Regions
- AWS > Redshift > Tags Template [Default]
- AWS > Redshift > Trusted Accounts [Default]
- AWS > Turbot > Event Handlers > Events > Rules > Event Sources > @turbot/aws-redshift
- AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-redshift
- AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-redshift
- AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-redshift
Release Notes
5.19.0 (2023-07-21)
What's new?
- Resource's metadata will now also include `createdBy` details in Turbot CMDB.
- `AWS/Redshift/Admin`, `AWS/Redshift/Metadata` and `AWS/Redshift/Operator` now include permissions for SQL Workbench Account Settings and Notebooks.
- README.md file is now available for users to check details about the resource types and service permissions that the mod covers.
Bug fixes
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
Action Types
Added
- AWS > Redshift > Cluster > Delete from AWS
- AWS > Redshift > Cluster > Set Tags
- AWS > Redshift > Cluster > Skip alarm for Active control
- AWS > Redshift > Cluster > Skip alarm for Active control [90 days]
- AWS > Redshift > Cluster > Skip alarm for Approved control
- AWS > Redshift > Cluster > Skip alarm for Approved control [90 days]
- AWS > Redshift > Cluster > Skip alarm for Encryption at Rest control
- AWS > Redshift > Cluster > Skip alarm for Encryption at Rest control [90 days]
- AWS > Redshift > Cluster > Skip alarm for Tags control
- AWS > Redshift > Cluster > Skip alarm for Tags control [90 days]
- AWS > Redshift > Cluster Parameter Group > Delete from AWS
- AWS > Redshift > Cluster Parameter Group > Set Tags
- AWS > Redshift > Cluster Parameter Group > Skip alarm for Active control
- AWS > Redshift > Cluster Parameter Group > Skip alarm for Active control [90 days]
- AWS > Redshift > Cluster Parameter Group > Skip alarm for Approved control
- AWS > Redshift > Cluster Parameter Group > Skip alarm for Approved control [90 days]
- AWS > Redshift > Cluster Parameter Group > Skip alarm for Tags control
- AWS > Redshift > Cluster Parameter Group > Skip alarm for Tags control [90 days]
- AWS > Redshift > Cluster Subnet Group > Delete from AWS
- AWS > Redshift > Cluster Subnet Group > Set Tags
- AWS > Redshift > Cluster Subnet Group > Skip alarm for Active control
- AWS > Redshift > Cluster Subnet Group > Skip alarm for Active control [90 days]
- AWS > Redshift > Cluster Subnet Group > Skip alarm for Approved control
- AWS > Redshift > Cluster Subnet Group > Skip alarm for Approved control [90 days]
- AWS > Redshift > Cluster Subnet Group > Skip alarm for Tags control
- AWS > Redshift > Cluster Subnet Group > Skip alarm for Tags control [90 days]
- AWS > Redshift > Manual Cluster Snapshot > Delete from AWS
- AWS > Redshift > Manual Cluster Snapshot > Set Tags
- AWS > Redshift > Manual Cluster Snapshot > Skip alarm for Active control
- AWS > Redshift > Manual Cluster Snapshot > Skip alarm for Active control [90 days]
- AWS > Redshift > Manual Cluster Snapshot > Skip alarm for Approved control
- AWS > Redshift > Manual Cluster Snapshot > Skip alarm for Approved control [90 days]
- AWS > Redshift > Manual Cluster Snapshot > Skip alarm for Tags control
- AWS > Redshift > Manual Cluster Snapshot > Skip alarm for Tags control [90 days]
5.18.0 (2022-02-16)
What's new?
- Users can now create their own custom checks against resource attributes in the Approved control using the `Approved > Custom` policy. These custom checks would be a part of the evaluation of the Approved control. Custom messages can also be added which are then displayed in the control details table. See Custom Checks for more information.
Bug fixes
- We've improved the process of deleting resources from Turbot if their CMDB policy was set to `Enforce: Disabled`. The CMDB controls will now not look to resolve credentials via Turbot's IAM role while deleting resources from Turbot. This will allow the CMDB controls to process resource deletions from Turbot more reliably than before.
Policy Types
Added
- AWS > Redshift > Cluster > Approved > Custom
- AWS > Redshift > Cluster Parameter Group > Approved > Custom
- AWS > Redshift > Cluster Subnet Group > Approved > Custom
- AWS > Redshift > Manual Cluster Snapshot > Approved > Custom
5.17.2 (2022-02-01)
Bug fixes
- We've made a few improvements in the GraphQL query for `AWS > Redshift > Cluster > Encryption At Rest` control. You won't notice any difference, but things should run lighter and quicker than before.
- The `AWS > Redshift > Cluster > Schedule` control would incorrectly go into a skipped state if the `AWS > Redshift > Cluster > Schedule` policy was set to Skip but the `AWS > Redshift > Cluster > Schedule Tag` policy was set to `Enforce: Schedule per turbot_custom_schedule tag`. This is fixed and the control will now work as expected.
5.17.1 (2022-01-20)
Bug fixes
- The `AWS > Redshift > Cluster > Schedule` control would incorrectly go into an error state if the corresponding CMDB control was in error and the `AWS > Redshift > Cluster > Schedule` policy was set to Skip. This is fixed and the control will now work as expected.
5.17.0 (2022-01-04)
What's new?
- `AWS/Redshift/Admin`, `AWS/Redshift/Metadata` and `AWS/Redshift/Operator` now include permissions for Partner, Data Share, Endpoint Access and Authentication Profile.
5.16.0 (2021-11-26)
What's new?
- `AWS/Redshift/Admin`, `AWS/Redshift/Operator` and `AWS/Redshift/Metadata` now include permissions for SQL Workbench.
5.15.0 (2021-11-11)
What's new?
- `AWS/Redshift/Admin` and `AWS/Redshift/Metadata` now include permissions for Redshift Data.
5.14.0 (2021-07-14)
What's new?
- We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.
5.13.0 (2021-06-25)
Control Types
Added
- AWS > Redshift > Cluster > Backup Retention Period
Policy Types
Added
- AWS > Redshift > Cluster > Backup Retention Period
- AWS > Redshift > Cluster > Backup Retention Period > Days
Action Types
Added
- AWS > Redshift > Cluster > Update Backup Retention Period
5.12.0 (2021-02-24)
What's new?
- We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.
5.11.3 (2021-02-03)
Bug fixes
- The policy titles for `AWS > Redshift > Cluster > Cluster Publicly Accessible` and `AWS > Redshift > Cluster > Parameter Group > Parameter Group Name` have been updated to `AWS > Redshift > Cluster > Publicly Accessible` and `AWS > Redshift > Cluster > Parameter Group > Name` respectively to remove redundant wording. Both policies' URIs are still the same, so no migration action is required.
Policy Types
Renamed
- AWS > Redshift > Cluster > Parameter Group > Parameter Group Name to AWS > Redshift > Cluster > Parameter Group > Name
- AWS > Redshift > Cluster > Cluster Publicly Accessible to AWS > Redshift > Cluster > Publicly Accessible
5.11.2 (2021-01-27)
Bug fixes
- The `AWS > Redshift > Cluster > Audit Logging` and `AWS > Redshift > Cluster > Encryption in Transit` controls will now move to `invalid` instead of `tbd` if the cluster’s attached parameter group is not in CMDB to provide better awareness around the missing information.
5.11.1 (2021-01-13)
Bug fixes
- `AWS > Redshift > Cluster > Encryption in Transit` and `AWS > Redshift > Cluster > Audit Logging` controls would remain in an error state for a cluster if its attached parameter group is not upserted into Turbot's CMDB. This issue has been fixed and now the control remains in `TBD` state instead of moving into an `error` state.
5.11.0 (2020-12-22)
What's new?
- With the addition of `AWS > Redshift > Cluster > Parameter Group` control, you can now ensure a specific parameter group is attached to a cluster, or have Turbot create and attach a new parameter group to a cluster with the previously attached parameter group's parameter values copied over. To get started, set the `AWS > Redshift > Cluster > Parameter Group` and `AWS > Redshift > Cluster > Parameter Group > Parameter Group Name` policies.
Bug fixes
- Controls run faster now when in the `tbd` and `skipped` states thanks to the new Turbot Precheck feature (not to be confused with TSA PreCheck). With Turbot Precheck, controls avoid running GraphQL input queries when in `tbd` and `skipped`, resulting in faster and lighter control runs.
Control Types
Added
- AWS > Redshift > Cluster > Parameter Group
Policy Types
Added
- AWS > Redshift > Cluster > Parameter Group
- AWS > Redshift > Cluster > Parameter Group > Parameter Group Name
Action Types
Added
- AWS > Redshift > Cluster > Create or update parameter group
5.10.0 (2020-11-27)
Control Types
Added
- AWS > Redshift > Cluster > Audit Logging
- AWS > Redshift > Cluster > Encryption in Transit
Policy Types
Added
- AWS > Redshift > Cluster > Audit Logging
- AWS > Redshift > Cluster > Audit Logging > Bucket
- AWS > Redshift > Cluster > Audit Logging > Key Prefix
- AWS > Redshift > Cluster > Audit Logging > User Activity Logging
- AWS > Redshift > Cluster > Encryption in Transit
Action Types
Added
- AWS > Redshift > Cluster > Update Audit Logging
- AWS > Redshift > Cluster > Update Parameter Group
5.9.0 (2020-10-09)
What's new?
- We've made improvements to how Active controls interact with CMDB policies and controls for more reliable active checks. Now, if a resource's CMDB policy is set to `Skip`, its Active control will move to `invalid` to prevent the Active control from making a decision based on outdated information. Also, Active controls will now wait until the resource's CMDB control has run at least once to ensure the required data is available.
5.8.1 (2020-09-17)
Bug fixes
- We've made some improvements to our real-time event handling that reduces the risk of creating resources in CMDB with malformed AKAs. There's no noticeable difference, but things should run more reliably now.
5.8.0 (2020-09-02)
What's new?
- Discovery controls now have their own control category, `CMDB > Discovery`, to allow for easier filtering separately from other CMDB controls.
- We've renamed the service's default regions policy from `Regions [Default]` to `Regions` to be consistent with our other regions policies.
5.7.1 (2020-08-17)
Bug fixes
- In various Active controls, we were outputting log messages that did not properly show how many days were left until we'd delete the inactive resources (we were still deleting them after the correct number of days). These log messages have been fixed and now contain the correct number of days.
5.7.0 (2020-08-07)
Control Types
Added
- AWS > Redshift > Cluster > Schedule
Policy Types
Added
- AWS > Redshift > Cluster > Schedule
- AWS > Redshift > Cluster > Schedule Tag
Action Types
Added
- AWS > Redshift > Cluster > Start
- AWS > Redshift > Cluster > Stop
5.6.0 (2020-07-31)
What's new?
Cross-account trust is not only important for complex enterprise and application scenarios, but is also a critical area for security controls. We now support controlling cross-account access for manual cluster snapshots to provide automatic protection against unexpected cross-account access.
A common set of trusted AWS account IDs can be defined in the `AWS > Account > Trusted Accounts [Default]` policy. Trusted accounts can also be defined at any level, even down to the specific manual cluster snapshot resource. To get started with these new controls, please see the `AWS > Redshift > Manual Cluster Snapshot > Trusted Access` policies.
Control Types
Added
- AWS > Redshift > Manual Cluster Snapshot > Trusted Access
Policy Types
Added
- AWS > Redshift > Manual Cluster Snapshot > Trusted Access
- AWS > Redshift > Manual Cluster Snapshot > Trusted Access > Accounts
- AWS > Redshift > Trusted Accounts [Default]
Action Types
Added
- AWS > Redshift > Manual Cluster Snapshot > Set Trusted Access
5.5.1 (2020-07-02)
Bug fixes
- Sometimes when updating CMDB for resources with tags that have empty string values, e.g., `[{Key: "Empty", Value: ""}, {Key: "Turbot is great", Value: "true"}]`, we would not store all of the tags correctly. This has been fixed and now all tags are accounted for.
5.5.0 (2020-06-10)
What's new?
- An additional API call has been added to the CMDB of cluster parameter group which returns a detailed list of parameters contained within the specified Amazon Redshift parameter group.
5.4.0 (2020-05-29)
What's new?
- Updated `AWS > Redshift > Regions` policy default value to now include `af-south-1`, `eu-south-1`.
Bug fixes
- Although the data validation errors, which appear in various CMDB and Discovery controls, are not blockers, they look ugly in the UI and should be cleaned up. These errors have now been fixed.
- Links to documentation in the descriptions for several controls and policies were broken. These links have now been fixed.