Ensure that your ElastiCache clusters are provisioned within the AWS EC2-VPC platform instead of the EC2-Classic platform (outdated from 2013-12-04) for better flexibility and control over the cache clusters' security, availability, traffic routing and more.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Creating and managing Amazon ElastiCache clusters using the EC2-VPC platform instead of EC2-Classic can bring multiple advantages, such as a better networking infrastructure (network isolation, subnets and private IP addresses), much more flexible control over access security (control over VPC security group membership, network ACLs, security group outbound/egress traffic filtering), and the capability to run cache clusters on single-tenant hardware.
To determine the EC2 platform (EC2-Classic or EC2-VPC) used to launch your ElastiCache clusters, perform the following:
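One way to script this check, as an added example rather than Conformity's own audit steps: it classifies each cluster in the JSON returned by `aws elasticache describe-cache-clusters` by whether it reports a `CacheSubnetGroupName`, which only clusters launched in a VPC have. The cluster names, subnet group and security group ID in the sample are constructed, and the `audit` and `non_compliant` helpers are hypothetical names.

```python
import json
import sys

# Constructed sample in the shape returned by
# `aws elasticache describe-cache-clusters --output json` (not real clusters).
SAMPLE = """
{"CacheClusters": [
  {"CacheClusterId": "legacy-redis", "Engine": "redis",
   "CacheSecurityGroups": [{"CacheSecurityGroupName": "default", "Status": "active"}],
   "SecurityGroups": []},
  {"CacheClusterId": "vpc-redis", "Engine": "redis",
   "CacheSubnetGroupName": "private-cache-subnets",
   "CacheSecurityGroups": [],
   "SecurityGroups": [{"SecurityGroupId": "sg-0123456789abcdef0", "Status": "active"}]}
]}
"""


def audit(doc):
    """Classify every cluster in a describe-cache-clusters document."""
    findings = []
    for cluster in doc.get("CacheClusters", []):
        # Only clusters launched in a VPC carry a cache subnet group; the key
        # is absent (or empty) for EC2-Classic clusters.
        in_vpc = bool(cluster.get("CacheSubnetGroupName"))
        if in_vpc:
            groups = [g["SecurityGroupId"] for g in cluster.get("SecurityGroups", [])]
        else:
            groups = [g["CacheSecurityGroupName"]
                      for g in cluster.get("CacheSecurityGroups", [])]
        findings.append({
            "id": cluster["CacheClusterId"],
            "platform": "EC2-VPC" if in_vpc else "EC2-Classic",
            "subnet_group": cluster.get("CacheSubnetGroupName") or None,
            "security_groups": groups,
        })
    return findings


def non_compliant(doc):
    """Return the IDs of clusters that still need to be re-created in a VPC."""
    return [f["id"] for f in audit(doc) if f["platform"] == "EC2-Classic"]


if __name__ == "__main__":
    # Pass a saved describe-cache-clusters JSON file as the first argument,
    # or run with no argument to use the constructed sample above.
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for finding in audit(json.loads(source)):
        print(finding)
```

Run the CLI command once per region and feed each saved output to the script, since `describe-cache-clusters` only returns clusters in the region it is called against.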
Remediation / Resolution
To migrate your EC2-Classic ElastiCache clusters to a Virtual Private Cloud, you must re-create those clusters within a VPC environment. To relaunch the necessary clusters, perform the following:

Note: As an example, this guide will explain how to migrate an ElastiCache Redis cache cluster from the EC2-Classic platform to EC2-VPC within the same AWS region.
You are auditing:
ElastiCache Cluster In VPC
Risk level: Medium