AWS Security ChangesHomeSearch

AWS redshift high security documentation change

Service: redshift · 2025-04-11 · Security-related high

File: redshift/latest/mgmt/serverless-connecting.md

Summary

Modified FIPS-compliant SSL configuration to require both 'use_fips_ssl' and 'require_ssl' parameters in workgroup commands.

Security assessment

The change enforces SSL requirement alongside FIPS compliance, addressing potential insecure transport layer configurations. This directly implements security controls for encrypted connections.

Diff

diff --git a/redshift/latest/mgmt/serverless-connecting.md b/redshift/latest/mgmt/serverless-connecting.md
index d050e2680..ac910c6ad 100644
--- a//redshift/latest/mgmt/serverless-connecting.md
+++ b//redshift/latest/mgmt/serverless-connecting.md
@@ -141 +141 @@ Amazon Redshift supports the Elliptic Curve Diffie—Hellman Ephemeral (ECDHE) k
-To create a new workgroup that uses a FIPS-compliant SSL connection, use the `create-workgroup` command and set the `use_fips_ssl` parameter to `true`. To use the following example, replace `yourNamespaceName` with the name of your namespace and replace `yourWorkgroupName` with the name of your workgroup.
+To create a new workgroup that uses a FIPS-compliant SSL connection, use the `create-workgroup` command and set the `use_fips_ssl` and `require_ssl` parameters to `true`. To use the following example, replace `yourNamespaceName` with the name of your namespace and replace `yourWorkgroupName` with the name of your workgroup.
@@ -147 +147 @@ To create a new workgroup that uses a FIPS-compliant SSL connection, use the `cr
-    --config-parameters parameterKey=use_fips_ssl,parameterValue=true
+    --config-parameters '[{"parameterKey": "require_ssl", "parameterValue": "true"}, {"parameterKey": "use_fips_ssl", "parameterValue": "true"}]'
@@ -149 +149 @@ To create a new workgroup that uses a FIPS-compliant SSL connection, use the `cr
-To update an existing workgroup to use a FIPS-compliant SSL connection, use the `update-workgroup` command and set the `use_fips_ssl` parameter to `true`. Note that Redshift Serverless will restart your workgroup when you update the `use_fips_ssl` parameter. To use the following example, replace `yourWorkgroupName` with the name of your workgroup.
+To update an existing workgroup to use a FIPS-compliant SSL connection, use the `update-workgroup` command and set the `use_fips_ssl` and `require_ssl` parameters to `true`. Note that Redshift Serverless will restart your workgroup when you update the `use_fips_ssl` parameter. To use the following example, replace `yourWorkgroupName` with the name of your workgroup.
@@ -154 +154 @@ To update an existing workgroup to use a FIPS-compliant SSL connection, use the
-    --config-parameters parameterKey=use_fips_ssl,parameterValue=true
+    --config-parameters '[{"parameterKey": "require_ssl", "parameterValue": "true"}, {"parameterKey": "use_fips_ssl", "parameterValue": "true"}]'