AWS Security ChangesHomeSearch

AWS redshift high security documentation change

Service: redshift · 2025-05-31 · Security-related high

File: redshift/latest/mgmt/python-configuration-options.md

Summary

Changed default value for IdP SSL certificate verification from True to False and added security recommendation

Security assessment

The parameter 'disable_verify' now defaults to False (enabling SSL verification), reversing a potentially insecure previous default. Explicit warning about keeping verification enabled in production directly addresses TLS certificate validation security concerns, preventing MITM attacks.

Diff

diff --git a/redshift/latest/mgmt/python-configuration-options.md b/redshift/latest/mgmt/python-configuration-options.md
index 44a1a6d67..3fbee78fa 100644
--- a//redshift/latest/mgmt/python-configuration-options.md
+++ b//redshift/latest/mgmt/python-configuration-options.md
@@ -628 +628 @@ This parameter is required.
-  * Default value – True
+  * Default value – False
@@ -635 +635 @@ This parameter is required.
-A value that specifies whether the IdP hosts server certificate is to be verified. 
+A value that specifies whether to disable the verification of the IdP host's server SSL certificate. Setting this parameter to True will disable the verification of the IdP host's server SSL certificate. We recommend that you keep the default value of False in production environments.