Determine if your existing AWS ElastiCache cluster nodes have the desired type established by your organization based on the caching workload required. Cloud Conformity provides you with the ability to define the desired cache node type based on your workload requirements upon enabling this conformity rule.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Setting limits for the type of AWS ElastiCache cluster nodes will help you address internal compliance requirements and prevent unexpected charges on your AWS bill.
Note 1: You can also limit your ElastiCache nodes to the desired type using AWS Organizations service by implementing your own Service Control Policy on the master account. A Service Control Policy (SCP) is a type of policy that you can use to manage your organization. SCPs enable you to restrict what resources, services and actions the users, groups, and roles in those AWS accounts can use.
Note 2: The desired ElastiCache node type used as example in conformity this rule is cache.m3.medium. To meet your own organizational requirements, you will need to configure this rule with your desired node type.
Audit
To determine if the existing cache nodes provisioned within your ElastiCache clusters have the desired type, perform the following:
Remediation / Resolution
To limit the new AWS ElastiCache cluster nodes to the desired node type, raise an AWS support case where you explain why you need this type of limitation. For any existing ElastiCache clusters launched without using the desired node type, just update their configuration by changing the Node Type config parameter to the desired type (e.g. cache.m3.medium).
To create the necessary AWS support case, perform the following actions:
References
- AWS Documentation
- Amazon ElastiCache FAQs
- Managing ElastiCache
- ElastiCache Clusters
- Service Control Policies
- AWS Command Line Interface (CLI) Documentation
- elasticache
- describe-cache-clusters
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
ElastiCache Desired Node Type
Risk Level: Medium