Determine if your existing Amazon Redshift cluster nodes have the desired type established by your organization based on the workload deployed. Cloud Conformity provides you with the capability to define the desired node types based on your workload requirements upon enabling this rule.
This rule can help you with the following compliance standards:
- APRA
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Setting limits for the type of AWS Redshift cluster nodes will help you address internal compliance requirements and prevent unexpected charges on your AWS bill.
Note 1: You can also limit your Amazon Redshift nodes to the desired instance types using AWS Organizations service by implementing your own Service Control Policy on the master account. A Service Control Policy (SCP) is a type of policy that you can use to manage your organization. SCPs enable you to restrict what resources, services and actions the users, groups, and roles in those AWS accounts can use.
Note 2: The desired Redshift node type used as an example in this conformity rule is ds1.xlarge. To meet your own organizational requirements, you will need to configure this rule with your desired node type.
Audit
To determine if the existing nodes provisioned within your Redshift clusters have the desired node type, perform the following:
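The node type check, written as an added example (not Conformity's own code) that runs over the JSON returned by `aws redshift describe-clusters`. The sample output and cluster names are constructed, `audit_node_types` and its status labels are hypothetical, and ds1.xlarge is the example type from Note 2.

```python
import json

# Example desired type from this rule; replace with your organization's choice.
DESIRED_NODE_TYPES = {"ds1.xlarge"}

# Constructed sample in the shape of `aws redshift describe-clusters` JSON output.
SAMPLE_OUTPUT = json.dumps({"Clusters": [
    {"ClusterIdentifier": "analytics-prod", "NodeType": "ds1.xlarge",
     "NumberOfNodes": 4, "PendingModifiedValues": {}},
    {"ClusterIdentifier": "reporting-dev", "NodeType": "dc2.large",
     "NumberOfNodes": 2, "PendingModifiedValues": {}},
    {"ClusterIdentifier": "etl-staging", "NodeType": "dc2.8xlarge",
     "NumberOfNodes": 2, "PendingModifiedValues": {"NodeType": "ds1.xlarge"}},
    {"ClusterIdentifier": "sandbox", "NodeType": "ds1.xlarge",
     "NumberOfNodes": 1, "PendingModifiedValues": {"NodeType": "ra3.4xlarge"}},
]})


def audit_node_types(describe_clusters_json, desired=frozenset(DESIRED_NODE_TYPES)):
    """Return one finding per cluster that is not (or will not stay) on a desired type."""
    findings = []
    for cluster in json.loads(describe_clusters_json).get("Clusters", []):
        current = cluster.get("NodeType")
        # A resize that has been requested but not yet applied shows up here.
        pending = (cluster.get("PendingModifiedValues") or {}).get("NodeType")
        if current in desired and (pending is None or pending in desired):
            continue  # compliant now and after any pending change
        if current in desired:
            status = "PENDING_CHANGE_TO_UNDESIRED_TYPE"
        elif pending in desired:
            status = "REMEDIATION_PENDING"
        else:
            status = "NON_COMPLIANT"
        findings.append({
            "cluster": cluster.get("ClusterIdentifier"),
            "node_type": current,
            "pending_node_type": pending,
            "nodes": cluster.get("NumberOfNodes"),
            "status": status,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_node_types(SAMPLE_OUTPUT):
        print(finding)
```

To audit a real account, pass the JSON output of `aws redshift describe-clusters` for each region in place of `SAMPLE_OUTPUT`.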
Remediation / Resolution
To limit the new Amazon Redshift cluster nodes to the desired node type, raise an AWS support case where you explain why you need this type of limitation. For any existing Redshift cluster nodes launched without using the desired type, just take snapshots of the required clusters and relaunch them using the desired node type.
To create the necessary AWS support case, perform the following actions:
You are auditing:
Redshift Desired Node Type
Risk Level: Medium