Pattern: Redshift cluster should be deployed into a specific VPC
Issue: -
Redshift clusters that are created without subnet details will be created in EC2-Classic mode, meaning that they will sit outside of a known VPC and run in a shared tenant environment.
To benefit from the additional security features that come with using a VPC you own, the subnet should be set.
Resolution: Deploy Redshift cluster into a non-default VPC.
Example of incorrect code:
resource "aws_redshift_cluster" "bad_example" {
  cluster_identifier = "tf-redshift-cluster"
  database_name      = "mydb"
  master_username    = "foo"
  master_password    = "Mustbe8characters"
  node_type          = "dc1.large"
  cluster_type       = "single-node"
}
Example of correct code:
resource "aws_redshift_cluster" "good_example" {
  cluster_identifier        = "tf-redshift-cluster"
  database_name             = "mydb"
  master_username           = "foo"
  master_password           = "Mustbe8characters"
  node_type                 = "dc1.large"
  cluster_type              = "single-node"
  cluster_subnet_group_name = "redshift_subnet"
}
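One way to enforce this pattern in a pipeline, as an added example that is not part of the original rule or its tooling: the check below reads the configuration section of `terraform show -json <planfile>` output and reports every aws_redshift_cluster that does not set cluster_subnet_group_name, including clusters declared inside modules. The function name, the module name "warehouse" and the resource names by_ref, blank and private are assumptions made for the example, and the sample plan is constructed.

```python
import json

# Constructed sample: the "configuration" part of `terraform show -json <planfile>`,
# trimmed to the fields this check reads. Module and resource names are hypothetical.
SAMPLE_PLAN = json.loads("""
{
  "configuration": {"root_module": {
    "resources": [
      {"address": "aws_redshift_cluster.bad_example", "mode": "managed",
       "type": "aws_redshift_cluster",
       "expressions": {"cluster_identifier": {"constant_value": "tf-redshift-cluster"}}},
      {"address": "aws_redshift_cluster.good_example", "mode": "managed",
       "type": "aws_redshift_cluster",
       "expressions": {"cluster_subnet_group_name": {"constant_value": "redshift_subnet"}}}
    ],
    "module_calls": {"warehouse": {"module": {"resources": [
      {"address": "aws_redshift_cluster.by_ref", "mode": "managed",
       "type": "aws_redshift_cluster",
       "expressions": {"cluster_subnet_group_name":
         {"references": ["aws_redshift_subnet_group.private.name"]}}},
      {"address": "aws_redshift_cluster.blank", "mode": "managed",
       "type": "aws_redshift_cluster",
       "expressions": {"cluster_subnet_group_name": {"constant_value": ""}}}
    ]}}}
  }}
}
""")


def clusters_without_subnet_group(plan):
    """Return addresses of aws_redshift_cluster resources with no subnet group set."""
    findings = []

    def walk(module, prefix):
        for res in module.get("resources", []):
            if res.get("mode") != "managed" or res.get("type") != "aws_redshift_cluster":
                continue
            expr = res.get("expressions", {}).get("cluster_subnet_group_name")
            # Set means: a non-empty literal, or an expression that references
            # another object (for example a subnet group resource or a variable).
            is_set = bool(expr) and bool(expr.get("constant_value") or expr.get("references"))
            if not is_set:
                findings.append(prefix + res["address"])
        for name, call in module.get("module_calls", {}).items():
            walk(call.get("module", {}), f"{prefix}module.{name}.")

    walk(plan.get("configuration", {}).get("root_module", {}), "")
    return findings
```

The check reads the written configuration rather than planned values because an attribute left out of the configuration can still appear in the plan as a value known only after apply.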