AWS Security ChangesHomeSearch

AWS redshift medium security documentation change

Service: redshift · 2025-08-28 · Security-related medium

File: redshift/latest/dg/materialized-view-streaming-ingestion-getting-started-MSK.md

Summary

Added note explicitly stating that self-signed certificates are not supported for authentication/data in transit with Kafka streaming sources

Security assessment

The change enforces the use of trusted certificates (e.g., from AWS Certificate Manager) to ensure secure authentication and encrypted data transmission. This directly addresses potential security risks from using insecure self-signed certificates.

Diff

diff --git a/redshift/latest/dg/materialized-view-streaming-ingestion-getting-started-MSK.md b/redshift/latest/dg/materialized-view-streaming-ingestion-getting-started-MSK.md
index 74aa3a2d6..79abb6e39 100644
--- a//redshift/latest/dg/materialized-view-streaming-ingestion-getting-started-MSK.md
+++ b//redshift/latest/dg/materialized-view-streaming-ingestion-getting-started-MSK.md
@@ -48,0 +49,2 @@ After you create your application's role, attach one of the following policies t
+Note that self-signed certificates are not supported for authentication or data in transit when you use direct streaming ingestion into Amazon Redshift with any of the supported Apache Kafka streaming sources. These include Amazon MSK, Apache Kafka, and Confluent Cloud. Consider using certificates generated with AWS Certificate Manager or any other publicly trusted certificate authority.
+