A collection of configuration templates for Amazon Redshift resources, as well as security controls for monitoring and protecting Amazon Redshift configuration, such as Config Rules, CloudWatch Alarms, EventBridge Rules, IAM policies, and more.

Config Rule
Redshift Cluster Configuration Check

A Config rule that checks whether Amazon Redshift clusters have the specified settings.

CloudFormation | Terraform | AWS CLI
Redshift Cluster Maintenance Settings Check

A Config rule that checks whether Amazon Redshift clusters have the specified maintenance settings.

CloudFormation | Terraform | AWS CLI
Redshift No Public Access Check

A Config rule that checks whether Amazon Redshift clusters are not publicly accessible. The rule is NON_COMPLIANT if the publiclyAccessible field is true in the cluster configuration item.

CloudFormation | Terraform | AWS CLI
Redshift Cluster Requires TLS Check

A Config rule that checks whether Amazon Redshift clusters require TLS/SSL encryption to connect to SQL clients. The rule is NON_COMPLIANT if any Amazon Redshift cluster has parameter require_SSL not set to true.

CloudFormation | Terraform | AWS CLI
Redshift Cluster Backup Enabled Check

A Config rule that checks that Amazon Redshift automated snapshots are enabled for clusters. The rule is NON_COMPLIANT if the value for automatedSnapshotRetentionPeriod is greater than MaxRetentionPeriod or less than MinRetentionPeriod or the value is 0.

CloudFormation | Terraform | AWS CLI
Redshift Cluster KMS Enabled

A Config rule that checks if Amazon Redshift clusters are using a specified AWS Key Management Service (AWS KMS) key for encryption. The rule is COMPLIANT if encryption is enabled and the cluster is encrypted with the key provided in the kmsKeyArn parameter. The rule is NON_COMPLIANT if the cluster is not encrypted or encrypted with another key.

CloudFormation | Terraform | AWS CLI
Redshift Default Admin Check

A Config rule that checks if an Amazon Redshift cluster has changed the admin username from its default value. The rule is NON_COMPLIANT if the admin username for a Redshift cluster is set to “awsuser” or if the username does not match what is listed in the rule parameter.

CloudFormation | Terraform | AWS CLI
Redshift Default DB Name Check

A Config rule that checks if a Redshift cluster has changed its database name from the default value. The rule is NON_COMPLIANT if the database name for a Redshift cluster is set to “dev”, or if the optional parameter is provided and the database name does not match.

CloudFormation | Terraform | AWS CLI
Redshift Enhanced VPC Routing Enabled

A Config rule that checks if an Amazon Redshift cluster has enhancedVpcRouting enabled. The rule is NON_COMPLIANT if enhancedVpcRouting is not enabled or if the configuration.enhancedVpcRouting field is false.

CloudFormation | Terraform | AWS CLI
Check if Redshift clusters are logging audits to a specific bucket

Checks if Amazon Redshift clusters are logging audits to a specific bucket. The rule is NON_COMPLIANT if audit logging is not enabled for a Redshift cluster or if the 'bucketNames' parameter is provided but the audit logging destination does not match.

CloudFormation