AWS RDS Redshift Password Policy

0

For Audit purposes we need to configure out AWS Redshift instance password policy as below: Length =12 users or 15 admins, service, app or prod accounts.

Complexity: letters, digits, spec characters

Change Interval / Expiration = 90 days;

Password History = last 4 pw

Failed login lockout = 5 tries.

Can you please advise if this is feasible in Redshift. I see there are options on AWS RDS PG to add extensions. So any documentation / advice welcomed. ty

  • There are plenty of ways to get secure access to redshift without passwords. There’s IAM auth, Entra SSO auth, you don’t need to allow users to have passwords. I mean the only system I have that actually needs one is metabase cause it’s dumb (so I set up a rotating secret for it), I transitioned everyone else and all other apps off to sso/iam.

已提問 3 個月前檢視次數 168 次
2 個答案
0

Thanks Didier, I'll test to see if this if feasible for Redshift. Yes I saw above for PostgreSQL, and plan on using this for PG, Just Redshift it appears different. I will try though ty

已回答 3 個月前
  • Comment on his answer, don’t post another answer

0

Hi,

I think that you want to implement the pg Trusted Language Extensions (TLE) to enforce the password policy that you want as described here: https://repost.aws/knowledge-center/rds-postgresql-password-policy

A PostgreSQL passcheck hook checks passwords for SQL operations and doesn't 
allow users to set passwords listed in the password_check.bad_passwords table. 
The passcheck hook also checks password length and confirms that passwords 
contain uppercase and lowercase letters, numbers, and special characters.

Best,

Didier

profile pictureAWS
專家
已回答 3 個月前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南