Monitoring IP Connections to Redshift Cluster | AWS Certified Big Data - Specialty Exam | Amazon

List of IP Addresses Connecting to Redshift Cluster

Question

A team has set up a Redshift cluster for a company.

There is a requirement from the IT Security department to get the list of all IP addresses which establish connections to the Redshift cluster.

Which of the following can help achieve this requirement?

Answers

Explanations


A. B. C. D.

Answer: B.

The AWS Documentation mentions the following.

Amazon Redshift logs information in the following log files:

Connection log - logs authentication attempts, and connections and disconnections.

User log - logs information about changes to database user definitions.

User activity log - logs each query before it is run on the database.

The connection and user logs are useful primarily for security purposes.

You can use the connection log to monitor information about the users who are connecting to the database and the related connection information, such as their IP address, when they made the request, what type of authentication they used, and so on.

You can use the user log to monitor changes to the definitions of database users.

Since the documentation clearly mentions how this can be achieved, the other options are invalid.

For more information on database auditing, please visit the following URL.

https://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html
Connection Log

Logs authentication attempts, and connections and disconnections.

Column name - Description
event - Connection or authentication event.
recordtime - Time the event occurred.
remoteport - Port number for remote host.
pid - Process ID associated with the statement.
dbname - Database name.
username - User name.
authmethod - Authentication method.
duration - Duration of connection in microseconds.
sslversion - Secure Sockets Layer (SSL) version.
sslcipher - SSL cipher.
mtu - Maximum transmission unit (MTU).
sslcompression - SSL compression type.
sslexpansion - SSL expansion type.
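
One way to build the IP list from connection log files, as an added example that is not from the original page or from AWS. It assumes pipe-delimited log lines whose first fields are event, recordtime, remotehost, remoteport, pid, dbname, username and authmethod; the sample lines and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed field order of one pipe-delimited connection log line (assumption:
# includes remotehost, which the column listing on this page does not show).
FIELDS = ("event", "recordtime", "remotehost", "remoteport", "pid", "dbname",
          "username", "authmethod")

# Constructed sample lines (documentation-range addresses), not real log data.
SAMPLE_LOG = """\
initiating session |Mon, 4 Mar 2024 09:15:02:114|203.0.113.25 |51544 |18233|dev |analyst |password |0|TLSv1.2 |ECDHE-RSA-AES256-GCM-SHA384 |0| | |
authenticated |Mon, 4 Mar 2024 09:15:02:120|203.0.113.25 |51544 |18233|dev |analyst |password |0|TLSv1.2 |ECDHE-RSA-AES256-GCM-SHA384 |0| | |
initiating session |Mon, 4 Mar 2024 09:20:41:007|::ffff:10.0.3.17 |40022 |18240|dev |etl_user |password |0| | |0| | |
disconnecting session |Mon, 4 Mar 2024 09:21:10:553|::ffff:10.0.3.17 |40022 |18240|dev |etl_user |password |29546000| | |0| | |
truncated line without enough fields
"""


def parse_line(line):
    """Return a dict for one log line, or None if the line is malformed."""
    parts = [p.strip() for p in line.split("|")]
    if len(parts) < len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))


def normalize_host(value):
    """Canonical IP string; IPv4-mapped IPv6 collapses to IPv4. None if not an IP."""
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return None
    mapped = getattr(ip, "ipv4_mapped", None)
    return str(mapped or ip)


def connecting_ips(log_text):
    """Map each client IP to the users and event counts seen from it."""
    seen = defaultdict(lambda: {"users": set(), "events": defaultdict(int)})
    for line in log_text.splitlines():
        rec = parse_line(line)
        host = normalize_host(rec["remotehost"]) if rec else None
        if host is None:
            continue  # malformed line, or a host value that is not an IP address
        seen[host]["users"].add(rec["username"])
        seen[host]["events"][rec["event"]] += 1
    return dict(seen)
```

Calling `connecting_ips(SAMPLE_LOG)` yields one entry per distinct client address, so the same source seen as `::ffff:10.0.3.17` and `10.0.3.17` is counted once.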

The correct answer for this question is D. Get this information from VPC Flow Logs.

Explanation: Redshift is a managed data warehouse service provided by AWS. It allows customers to query and analyze large amounts of data using SQL-based tools. When setting up a Redshift cluster, a Virtual Private Cloud (VPC) is created to isolate the cluster from other resources in the customer's AWS environment.

To get the list of all IP addresses that establish connections to the Redshift cluster, we need to examine the network traffic that flows in and out of the cluster. VPC Flow Logs capture information about the IP traffic going to and from network interfaces in a VPC. VPC Flow Logs can be used to monitor and troubleshoot network connectivity issues.

CloudTrail logs record API calls made on the AWS account. Connection logs in Redshift record information about connections made to the Redshift cluster, including information about the client IP address. However, these logs may not capture all IP addresses that establish connections to the Redshift cluster, especially if the connection is made from outside the AWS environment.

User logs in Redshift record information about user activity in the Redshift cluster, such as queries executed and modifications made to the database. User logs do not capture information about network traffic.

Therefore, the correct answer is D. Get this information from VPC Flow Logs, which capture information about IP traffic going to and from the network interfaces in the VPC, including traffic going to and from the Redshift cluster.