Redshift Clear Text Passwords and Secret keys exposed?


Hi there,

I received the following email about my redshift cluster:

We are reaching out to inform you your Amazon Redshift cluster(s) may have been affected by an issue caused by a change introduced on October 13, 2021, where your password and/or your Secret_Access_Key may have been inadvertently written in plain text to your cluster's audit logs (stl_user_activity_log). We do not have any indication that these credentials have been accessed. We applied a patch on January 19, 2022, to fix the issue for all clusters in all AWS regions.

As a cautionary measure, we recommend that you: (1) Review any access to your cluster(s) in your audit log files from October 13, 2021 through January 19, 2022, such as those by authorized applications, to ensure your access credentials and passwords were not accessed; (2) Immediately change your cluster's password and/or generate a new Secret_Access_Key for use with COPY and UNLOAD commands for moving files between Amazon S3 and Amazon Redshift; and (3) Scan and sanitize your audit log files, that were created between October 13, 2021 through January 19, 2022, both dates inclusive, to remove any occurrences of clear text passwords and security keys in them.

However, looking on my cluster I can't see a stl_user_activity_log

Select * from stl_user_activity_log;

SQL Error [42P01]: ERROR: relation "pg_catalog.stl_user_activity_log" does not exist

Was this email pointing out the wrong audit logs? or should I not be looking for these audit logs on the table? we have s3 audit logging enabled, but browsing through those I don't see anything either.

1 Answer

You should be looking at your S3 bucket audit log files. Please raise support ticket and support can assist you specifically.

profile pictureAWS
answered a year ago
  • My account doesn't have access to support, that's why I posted here.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions