AWS RDS Redshift Password Policy

0

For Audit purposes we need to configure out AWS Redshift instance password policy as below: Length =12 users or 15 admins, service, app or prod accounts.

Complexity: letters, digits, spec characters

Change Interval / Expiration = 90 days;

Password History = last 4 pw

Failed login lockout = 5 tries.

Can you please advise if this is feasible in Redshift. I see there are options on AWS RDS PG to add extensions. So any documentation / advice welcomed. ty

  • There are plenty of ways to get secure access to redshift without passwords. There’s IAM auth, Entra SSO auth, you don’t need to allow users to have passwords. I mean the only system I have that actually needs one is metabase cause it’s dumb (so I set up a rotating secret for it), I transitioned everyone else and all other apps off to sso/iam.

gefragt vor 4 Monaten180 Aufrufe
2 Antworten
0

Thanks Didier, I'll test to see if this if feasible for Redshift. Yes I saw above for PostgreSQL, and plan on using this for PG, Just Redshift it appears different. I will try though ty

beantwortet vor 4 Monaten
  • Comment on his answer, don’t post another answer

0

Hi,

I think that you want to implement the pg Trusted Language Extensions (TLE) to enforce the password policy that you want as described here: https://repost.aws/knowledge-center/rds-postgresql-password-policy

A PostgreSQL passcheck hook checks passwords for SQL operations and doesn't 
allow users to set passwords listed in the password_check.bad_passwords table. 
The passcheck hook also checks password length and confirms that passwords 
contain uppercase and lowercase letters, numbers, and special characters.

Best,

Didier

profile pictureAWS
EXPERTE
beantwortet vor 4 Monaten

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen