Ensure that your Amazon ElastiCache clusters are using the latest stable version of the Redis/Memcached cache engine in order to adhere to AWS cloud best practices, benefit from better security by having the most recent vulnerability patches, receive the latest Redis and Memcached software features, and get the latest performance optimizations.
This rule can help you with the following compliance standards:
- PCI
- APRA
- MAS
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
efficiency
When your Amazon ElastiCache clusters are configured with the latest version of the Redis/Memcached cache engine, you benefit from new features and enhancements, better performance, better memory management, bug fixes and security patches. For example, upgrading your Redis cache clusters to version 3.2.6 gets you all the improvements that come with Redis engine version 3 (data partitioning, geospatial indexing, online cluster resizing, replica scaling, etc.) plus the ones added by AWS, such as support for newer cache node types, in-transit and at-rest encryption, and support for HIPAA compliance. For Memcached cache clusters, upgrading the engine version to 1.4.34 adds several bug fixes, systemd service hardening, improved support for large items over 1MB and the ability to dynamically increase the amount of memory available to the engine without having to restart the cache cluster.
Audit
Case A: To determine if your Memcached cache clusters are using the latest version of Memcached engine, perform the following operations:
Case B: To determine if your Redis cache clusters are using the latest version of Redis engine, perform the following actions:
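The comparison behind both audit cases, as an added example that is not Conformity's own audit procedure: it flags clusters whose engine version is older than the newest version offered for that engine. The JSON below is constructed sample data in the shape returned by `aws elasticache describe-cache-clusters` and `aws elasticache describe-cache-engine-versions`; the cluster IDs and function names are assumptions.

```python
import json
import re

# Constructed sample data (cluster IDs are made up), mimicking the AWS CLI output shape.
CLUSTERS_JSON = """
{"CacheClusters": [
  {"CacheClusterId": "sessions-mc", "Engine": "memcached", "EngineVersion": "1.4.5"},
  {"CacheClusterId": "catalog-mc",  "Engine": "memcached", "EngineVersion": "1.4.34"},
  {"CacheClusterId": "queue-redis", "Engine": "redis",     "EngineVersion": "2.8.24"},
  {"CacheClusterId": "geo-redis",   "Engine": "redis",     "EngineVersion": "3.2.6"}
]}
"""
ENGINE_VERSIONS_JSON = """
{"CacheEngineVersions": [
  {"Engine": "memcached", "EngineVersion": "1.4.5"},
  {"Engine": "memcached", "EngineVersion": "1.4.34"},
  {"Engine": "redis",     "EngineVersion": "2.8.24"},
  {"Engine": "redis",     "EngineVersion": "3.2.6"}
]}
"""

def version_key(version):
    """Turn '1.4.34' into (1, 4, 34). Comparing the raw strings would rank
    '1.4.5' above '1.4.34' and hide an outdated Memcached cluster."""
    return tuple(int(part) for part in re.findall(r"\d+", version))

def latest_per_engine(engine_versions):
    """Map each engine name to the highest version the service offers."""
    latest = {}
    for entry in engine_versions["CacheEngineVersions"]:
        engine, version = entry["Engine"], entry["EngineVersion"]
        if engine not in latest or version_key(version) > version_key(latest[engine]):
            latest[engine] = version
    return latest

def outdated_clusters(clusters, engine_versions):
    """Return (cluster id, engine, current version, latest version) per finding."""
    latest = latest_per_engine(engine_versions)
    findings = []
    for cluster in clusters["CacheClusters"]:
        target = latest.get(cluster["Engine"])
        current = cluster["EngineVersion"]
        if target and version_key(current) < version_key(target):
            findings.append((cluster["CacheClusterId"], cluster["Engine"], current, target))
    return findings

if __name__ == "__main__":
    report = outdated_clusters(json.loads(CLUSTERS_JSON), json.loads(ENGINE_VERSIONS_JSON))
    for cluster_id, engine, current, target in report:
        print(f"{cluster_id}: {engine} {current} -> upgrade to {target}")
```

To audit a real account, replace the two sample strings with the saved output of the two CLI commands, run once per region.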
Remediation / Resolution
Case A: To upgrade the Memcached engine version for your Amazon ElastiCache Memcached cache clusters, perform the following operations:
Note: Upgrading Memcached cache engine version via AWS Management Console is not currently supported.
Case B: To upgrade the Redis cache engine version for your Amazon ElastiCache Redis cache clusters, perform the following actions:
Note: Upgrading Redis cache engine version via AWS Management Console is not currently supported.
You are auditing:
ElastiCache Engine Version
Risk Level: Medium