
Verify that new Amazon Redshift clusters launch in a VPC


Project Detail

This pattern provides an Amazon Web Services (AWS) CloudFormation template that automatically notifies you when an Amazon Redshift cluster is launched outside a virtual private cloud (VPC).

Amazon Redshift is a fully managed, petabyte-scale, cloud-based data warehouse product. It is designed for large-scale dataset storage and analysis. It is also used to perform large-scale database migrations. Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources such as Amazon Redshift clusters in a virtual network that you define.

The security control provided with this pattern monitors Amazon Redshift API calls recorded in AWS CloudTrail logs and uses an Amazon CloudWatch Events rule that matches the CreateCluster and RestoreFromClusterSnapshot API calls. When the rule matches one of these calls, it invokes an AWS Lambda function that runs a Python script. The Python function analyzes the CloudWatch event. If an Amazon Redshift cluster is created, or restored from a snapshot, outside an Amazon VPC network, the function sends an Amazon Simple Notification Service (Amazon SNS) notification to the user with the relevant information: the Amazon Redshift cluster name, AWS Region, AWS account, and the Amazon Resource Name (ARN) of the Lambda function that sent the notification.
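The following is an added example of that decision logic in Python; it is not the pattern's own Lambda code. It filters the CloudWatch Events record for the two watched API calls, treats a missing vpcId in the CloudTrail responseElements as "outside a VPC" (an assumption about the record shape), and publishes through an injectable publish function; the SNS_TOPIC_ARN environment variable and the sample records are assumptions constructed for the example.

```python
import os

WATCHED_APIS = {"CreateCluster", "RestoreFromClusterSnapshot"}

def cluster_outside_vpc(event):
    """Return a finding dict when a CloudTrail record (delivered via CloudWatch Events)
    shows a Redshift cluster launched outside a VPC, else None. Assumption: Redshift
    reports vpcId in responseElements only for VPC-based clusters."""
    detail = event.get("detail") or {}
    if (detail.get("eventSource") != "redshift.amazonaws.com"
            or detail.get("eventName") not in WATCHED_APIS or detail.get("errorCode")):
        return None  # not a Redshift launch, or the call failed and created nothing
    resp = detail.get("responseElements") or {}
    req = detail.get("requestParameters") or {}
    if resp.get("vpcId"):
        return None  # launched inside a VPC: nothing to report
    return {"cluster": resp.get("clusterIdentifier") or req.get("clusterIdentifier"),
            "api": detail["eventName"], "region": detail.get("awsRegion"),
            "account": event.get("account")}

def build_message(finding, lambda_arn):
    """SNS body carrying the fields the notification lists."""
    return (f"Redshift cluster '{finding['cluster']}' launched outside a VPC via "
            f"{finding['api']} in {finding['region']}, account {finding['account']}; "
            f"source Lambda {lambda_arn}")

def _publish_sns(subject, message):
    import boto3  # imported lazily so the module runs without boto3 installed
    boto3.client("sns").publish(TopicArn=os.environ["SNS_TOPIC_ARN"],  # assumed env var
                                Subject=subject, Message=message)

def lambda_handler(event, context, publish=_publish_sns):
    """Lambda entry point; publish is injectable so the logic can be exercised offline."""
    finding = cluster_outside_vpc(event)
    if finding is None:
        return {"notified": False}
    arn = getattr(context, "invoked_function_arn", "unknown")
    publish("Redshift cluster launched outside VPC", build_message(finding, arn))
    return {"notified": True, "cluster": finding["cluster"]}

# Constructed sample records in the "AWS API Call via CloudTrail" shape (not real captures)
SAMPLE_OUTSIDE_VPC = {
    "account": "111122223333", "detail-type": "AWS API Call via CloudTrail",
    "detail": {"eventSource": "redshift.amazonaws.com", "eventName": "CreateCluster",
               "awsRegion": "us-east-1", "requestParameters": {"clusterIdentifier": "analytics-1"},
               "responseElements": {"clusterIdentifier": "analytics-1"}}}
SAMPLE_IN_VPC = {**SAMPLE_OUTSIDE_VPC, "detail": {**SAMPLE_OUTSIDE_VPC["detail"],
                 "responseElements": {"clusterIdentifier": "analytics-2", "vpcId": "vpc-0abc"}}}
```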

https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/verify-that-new-amazon-redshift-clusters-launch-in-a-vpc.html?did=pg_card&trk=pg_card
