Target Redshift Requirements, Permissions, and Ports
The Access Analyzer for Databases Solution provides the ability to audit and monitor Redshift database environments to collect permissions and sensitive data. It scans:
- Amazon AWS Redshift
- AWS Redshift Cluster
Target Redshift Requirements
- Creation of a user name and password through the AWS portal.
- Successful retrieval of the following items from the AWS website:
  - Database Name – Unique identifier for a specific database
  - Port Number – Number that the network uses to identify the specific incoming process (the port on which the cluster accepts connections)
  - Endpoint name – Publicly accessible elastic IP address specific to the database
- Retrieval of the information from the Access Analyzer console.
Additional requirements for Sensitive Data Discovery:
- Windows Only – Domain Administrator or Local Administrator privilege
Data Collectors
This solution employs the following data collector to scan the target environment:
Permissions
For Active Directory Inventory Prerequisite
- Read access to directory tree
- List Contents & Read Property on the Deleted Objects Container
NOTE: See the Microsoft Searching for Deleted Objects article and the Microsoft Dsacls article for additional information.
For Redshift Data Collection
- Read-access to the following tables:
  - pg_tables
  - pg_user
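The following pre-flight check is an added example, not part of this documentation or the product: it validates the three values copied from the AWS console (database name, port number, endpoint name), tests whether the cluster port is reachable through the firewall, and probes read access to pg_tables and pg_user as the collector user. The endpoint host-name pattern and the run_query callable (which in a real deployment would wrap a database cursor) are assumptions.

```python
import re
import socket
from dataclasses import dataclass
from typing import Callable, Iterable, List

# Catalog tables the Redshift data collection needs read access to.
REQUIRED_TABLES = ("pg_tables", "pg_user")
# Assumed shape of a Redshift cluster endpoint host name (hypothetical pattern).
ENDPOINT_RE = re.compile(r"^[a-z0-9-]+\.[a-z0-9]+\.[a-z0-9-]+\.redshift\.amazonaws\.com$")


@dataclass
class RedshiftTarget:
    database: str   # Database Name from the AWS console
    port: int       # Port Number from the AWS console
    endpoint: str   # Endpoint name from the AWS console


def validate_target(t: RedshiftTarget) -> List[str]:
    """Return a list of problems found in the target values (empty when valid)."""
    problems = []
    if not t.database:
        problems.append("database name is empty")
    if not 1 <= t.port <= 65535:
        problems.append(f"port {t.port} is outside 1-65535")
    if not ENDPOINT_RE.match(t.endpoint):
        problems.append(f"endpoint {t.endpoint!r} is not a Redshift cluster endpoint host name")
    return problems


def port_reachable(host: str, port: int, timeout: float = 3.0) -> bool:
    """TCP reachability test for the firewall rule toward the cluster port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def missing_catalog_access(run_query: Callable[[str], Iterable]) -> List[str]:
    """Probe each required catalog table through run_query, which executes SQL
    as the collector user and returns rows or raises on a permission error."""
    missing = []
    for table in REQUIRED_TABLES:
        try:
            list(run_query(f"SELECT 1 FROM {table} LIMIT 1"))
        except Exception:
            missing.append(table)
    return missing
```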
Ports
The following firewall ports are needed:
For ADInventory Data Collector
- TCP 389
- TCP 135-139
- Randomly allocated high TCP ports