AWS redshift medium security documentation change
Summary
Added a note prohibiting self-signed certificates for mTLS in direct streaming ingestion.
Security assessment
The change explicitly disallows self-signed certificates, which could mitigate risks like man-in-the-middle attacks. This addresses a potential security misconfiguration by enforcing trusted certificates.
Diff
diff --git a/redshift/latest/dg/materialized-view-streaming-ingestion-mtls.md b/redshift/latest/dg/materialized-view-streaming-ingestion-mtls.md index 178176b51..3cb30442f 100644 --- a//redshift/latest/dg/materialized-view-streaming-ingestion-mtls.md +++ b//redshift/latest/dg/materialized-view-streaming-ingestion-mtls.md @@ -12,0 +13,2 @@ Mutual transport-layer security (mTLS) provides the means for a server to authen +Note that self-signed certificates are not supported for authentication or data in transit when you use direct streaming ingestion into Amazon Redshift with any of the supported Apache Kafka streaming sources. These include Amazon MSK, Apache Kafka, and Confluent Cloud. Consider using certificates generated with AWS Certificate Manager or any other publicly trusted certificate authority. +