Skip to content

Redshift Credentials

Service Name: Amazon Redshift

Service Description: Amazon Redshift is a fully managed, petabyte-scale data warehouse service in the cloud. It enables you to analyze all your data using standard SQL and your existing business intelligence tools.

Service Address: https://aws.amazon.com/redshift/

Validation Type: API Auth

IP Allow list: IP Restriction is available at the cluster level using Security Groups and VPC configurations.

Secret Access Scope: Grants access to Redshift clusters, allowing query execution, data manipulation, and potentially administrative operations depending on the user's permissions.

Secret Revokement URL: https://docs.aws.amazon.com/redshift/latest/mgmt/generating-user-credentials.html

Secret Example: jdbc:redshift://examplecluster.abc123xyz789.us-west-2.redshift.amazonaws.com:5439/dev?user=awsuser&password=MyP@ssw0rd123

Suspicious Activity Investigation Instructions:

  • Review Redshift audit logs for unusual query patterns or data access

  • Check AWS CloudTrail for Redshift API calls from unexpected sources

  • Monitor for large data transfers or unusual export operations

  • Examine user login history for access from unusual locations or times

  • Review any schema or permission changes made by the compromised credentials

Mitigation Instructions:

  • Immediately change the password for the affected user in the AWS Redshift console

  • Consider temporarily disabling the user account while investigating

  • Rotate any other credentials that might have been exposed

  • Review and restrict Security Group rules to limit access to trusted IP addresses

  • Enable enhanced VPC routing if not already enabled

  • Implement multi-factor authentication for database access if possible

  • Review IAM policies associated with Redshift access

  • Check for any unauthorized clusters or snapshots that may have been created

  • Update connection strings in applications to use the new credentials