Amazon_ElastiCache_4

Ensure AWS ElastiCache Redis clusters are encrypted in transit

Description

To protect sensitive data, AWS ElastiCache Redis clusters should be encrypted at rest. Encryption of data at rest prevents unauthorized access to sensitive data stored on AWS ElastiCache Redis clusters and their associated cache storage.

Remediation

At-rest encryption for an AWS ElastiCache Redis cluster can be set only when the cluster is created. To fix this issue, create a new cluster with at-rest encryption, migrate all required ElastiCache Redis cluster data from the unencrypted cluster to the new cluster, and then delete the old cluster. To create a new ElastiCache Redis cluster with at-rest encryption set, perform the following:

  1. Sign into the AWS console
  2. In the console, select the specific region
  3. Navigate to ElastiCache Dashboard
  4. Click Redis
  5. Click the ‘Create’ button

On the ‘Create your Amazon ElastiCache cluster’ page:

  • a. Select the ‘Redis’ cache engine type.
  • b. Enter a name for the new cache cluster.
  • c. Select the Redis engine version from the ‘Engine version compatibility’ dropdown list.
  • Note: As of July 2018, In-transit encryption can be enabled only for AWS ElastiCache clusters with Redis engine version 3.2.6 and 4.0.10.
  • d. Click ‘Advanced Redis settings’ to expand the cluster advanced settings panel.
  • e. Select the ‘Encryption at-rest’ checkbox to enable encryption, along with other necessary parameters.
  • f. Click the ‘Create’ button to launch your new ElastiCache Redis cluster.

To delete the reported ElastiCache Redis cluster, perform the following:

  1. Sign into the AWS console
  2. In the console, select the specific region
  3. Navigate to ElastiCache Dashboard
  4. Click Redis
  5. Select the reported Redis cluster
  6. Click the ‘Delete’ button
  7. In the ‘Delete Cluster’ dialog box, if you want a backup for your cluster, select ‘Yes’ from the ‘Create final backup’ dropdown menu, provide a name for the cluster backup, then click ‘Delete’.
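To confirm which clusters still need the migration above, and that the replacement was created with encryption on, the check can be run over the JSON returned by `aws elasticache describe-replication-groups`. This is an added example, not code from the original page: the function name and the sample group IDs are constructed, while `AtRestEncryptionEnabled`, `TransitEncryptionEnabled` and `Status` are fields of that API response.

```python
import json

# Constructed sample shaped like the output of
# `aws elasticache describe-replication-groups` (group IDs are made up).
SAMPLE_RESPONSE = json.loads("""
{
  "ReplicationGroups": [
    {"ReplicationGroupId": "sessions-prod", "Status": "available",
     "AtRestEncryptionEnabled": false, "TransitEncryptionEnabled": true},
    {"ReplicationGroupId": "cache-new", "Status": "available",
     "AtRestEncryptionEnabled": true, "TransitEncryptionEnabled": true},
    {"ReplicationGroupId": "legacy-queue", "Status": "available"},
    {"ReplicationGroupId": "old-cache", "Status": "deleting",
     "AtRestEncryptionEnabled": false, "TransitEncryptionEnabled": false}
  ]
}
""")


def audit_replication_groups(response):
    """Return (group_id, [missing settings]) for each non-compliant group.

    A missing flag is treated as disabled, so an incomplete response fails
    closed. Groups already in 'deleting' state are skipped: they are the old
    clusters being removed at the end of the migration.
    """
    findings = []
    for group in response.get("ReplicationGroups", []):
        if group.get("Status") == "deleting":
            continue
        missing = [
            label
            for key, label in (("AtRestEncryptionEnabled", "at-rest"),
                               ("TransitEncryptionEnabled", "in-transit"))
            if group.get(key) is not True
        ]
        if missing:
            findings.append((group.get("ReplicationGroupId", "<unknown>"), missing))
    return findings


if __name__ == "__main__":
    for group_id, missing in audit_replication_groups(SAMPLE_RESPONSE):
        print(f"{group_id}: encryption disabled: {', '.join(missing)}")
```

Against a live account, pipe the CLI output into `json.load` and pass the result to the function in place of the sample.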

Service

ElastiCache

Severity

High

Compliance

Mapping
