Amazon Redshift announces enhanced default security configurations for new warehouses

[Amazon Redshift](https://aws.amazon.com/pm/redshift/) announces enhanced security defaults to help you adhere to best practices in data security and reduce the risk of potential misconfigurations. These changes include disabling [public accessibility](https://docs.aws.amazon.com/redshift/latest/mgmt/rs-security-group-public-private.html), enabling [database encryption](https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-db-encryption.html), and enforcing [secure connections](https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-parameter-groups.html) by default when creating a new data warehouse.

The enhanced security defaults bring three key changes.

First, public accessibility is disabled by default for all newly created provisioned clusters and clusters restored from snapshots. In this configuration, connections to clusters will only be permitted from client applications within the same Virtual Private Cloud (VPC).

Second, database encryption is enabled by default for provisioned clusters. If you don't specify an AWS KMS key when creating a provisioned cluster, the cluster is now automatically encrypted with an AWS-owned key.

Third, Amazon Redshift now enforces secure, encrypted connections by default. A new default parameter group named "default.redshift-2.0" will be introduced for all newly created or restored clusters, with the "require\_ssl" parameter set to "true" by default. This default change will also apply to new serverless workgroups.

Review your data warehouse creation configurations, scripts, and tools to align with the new default settings to avoid any potential disruption. While these security features are enabled by default, you will still have the ability to modify cluster or workgroup settings to change the default behavior. Your existing data warehouses will not be impacted by these security enhancements. These new default changes are implemented in all AWS regions where Amazon Redshift is available.

For more information, please refer to our [documentation](https://docs.aws.amazon.com/redshift/latest/mgmt/behavior-changes.html).
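
Because existing data warehouses are not changed, one way to check them against the three new defaults is sketched below. This is an added example, not AWS code: it assumes cluster and parameter dictionaries shaped like the `describe_clusters` and `describe_cluster_parameters` responses, and the cluster names and the `legacy-params` and `custom-params` group names are constructed.

```python
# Added example. Dict shapes follow the Redshift describe_clusters and
# describe_cluster_parameters responses; all sample values are constructed.

def audit_cluster(cluster, params_by_group):
    """Return findings where a cluster deviates from the three new defaults."""
    findings = []
    if cluster.get("PubliclyAccessible", False):
        findings.append("publicly accessible")
    if not cluster.get("Encrypted", False):
        findings.append("not encrypted")
    for group in cluster.get("ClusterParameterGroups", []):
        name = group["ParameterGroupName"]
        params = params_by_group.get(name)
        if params is None:
            # Fail closed: an uninspected group is a finding, not a pass.
            findings.append(f"parameter group {name} not inspected")
            continue
        value = next((p.get("ParameterValue") for p in params
                      if p.get("ParameterName") == "require_ssl"), None)
        if str(value).lower() != "true":
            findings.append(f"require_ssl={value} in {name}")
    return findings

def audit(clusters, params_by_group):
    """Map each cluster identifier to its list of findings."""
    return {c["ClusterIdentifier"]: audit_cluster(c, params_by_group)
            for c in clusters}

# Constructed sample: one pre-change cluster, one created with the new
# defaults, one whose parameter group was never fetched.
SAMPLE_CLUSTERS = [
    {"ClusterIdentifier": "legacy-dw", "PubliclyAccessible": True, "Encrypted": False,
     "ClusterParameterGroups": [{"ParameterGroupName": "legacy-params"}]},
    {"ClusterIdentifier": "new-dw", "PubliclyAccessible": False, "Encrypted": True,
     "ClusterParameterGroups": [{"ParameterGroupName": "default.redshift-2.0"}]},
    {"ClusterIdentifier": "unknown-dw", "PubliclyAccessible": False, "Encrypted": True,
     "ClusterParameterGroups": [{"ParameterGroupName": "custom-params"}]},
]
SAMPLE_PARAMS = {
    "legacy-params": [{"ParameterName": "require_ssl", "ParameterValue": "false"}],
    "default.redshift-2.0": [{"ParameterName": "require_ssl", "ParameterValue": "true"}],
}

if __name__ == "__main__":
    for cluster_id, findings in audit(SAMPLE_CLUSTERS, SAMPLE_PARAMS).items():
        print(cluster_id, "OK" if not findings else "; ".join(findings))
```

Against a real account, the two inputs can be filled from boto3's Redshift client (`describe_clusters()["Clusters"]` and `describe_cluster_parameters(ParameterGroupName=...)["Parameters"]`), following pagination markers where the account has many clusters.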