Ensure that your Amazon ElastiCache Redis cache clusters are encrypted in order to meet security and compliance requirements. Encryption helps prevent unauthorized users from reading sensitive data available on your Redis cache clusters and their associated cache storage systems. This includes data saved to persistent media, known as data at-rest, and data that can be intercepted as it travels through the network, between clients and cache servers, known as data in-transit.
This rule can help you with the following compliance standards:
- HIPAA
- GDPR
- APRA
- MAS
- NIST4
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
When working with production and confidential data, it is strongly recommended to implement encryption in order to protect your data from unauthorized access and to fulfill your organization's compliance requirements for data-at-rest and in-transit encryption. A typical example is the requirement to protect sensitive data that could identify a specific individual, such as Personally Identifiable Information (PII), which is commonly handled in the Financial Services, Healthcare, and Telecommunications sectors.
Audit
To determine if in-transit and at-rest encryption is enabled for your ElastiCache Redis cache clusters, perform the following operations:
Remediation / Resolution
To enable in-transit and at-rest encryption for your existing Amazon ElastiCache Redis cache clusters, you must re-create them with the appropriate encryption configuration. To re-create a Redis cache cluster, perform the following operations:
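The following Python script is an added example that is not part of the Conformity rule or of any AWS tooling. It serves both the Audit and the Remediation steps above: it parses JSON shaped like the output of `aws elasticache describe-replication-groups`, flags every replication group whose `AtRestEncryptionEnabled` or `TransitEncryptionEnabled` flag is not true (older groups may omit the keys entirely, which counts as disabled), and then builds the keyword arguments for a boto3 `create_replication_group()` call that reproduces the group's node type and size with both encryption settings enabled. The sample replication groups, the `-enc` naming convention for the replacement group, and the AUTH token value are constructed for the example; the parameter names used in the returned dictionary are the real boto3 ones.

```python
"""Added example: audit `aws elasticache describe-replication-groups` output for
missing encryption and build the parameters for an encrypted replacement group."""
import json

# Constructed sample shaped like the JSON printed by
# `aws elasticache describe-replication-groups` (not captured from a real account).
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "ReplicationGroups": [
        {
            "ReplicationGroupId": "sessions-prod",
            "Description": "session store",
            "Status": "available",
            "MemberClusters": ["sessions-prod-001", "sessions-prod-002"],
            "CacheNodeType": "cache.t3.micro",
            "AtRestEncryptionEnabled": True,
            "TransitEncryptionEnabled": True,
        },
        {
            "ReplicationGroupId": "catalog-dev",
            "Description": "catalog cache",
            "Status": "available",
            "MemberClusters": ["catalog-dev-001"],
            "CacheNodeType": "cache.t3.small",
            "AtRestEncryptionEnabled": True,
            "TransitEncryptionEnabled": False,
        },
        {
            # Group created before the encryption flags existed: both keys absent.
            "ReplicationGroupId": "legacy-queue",
            "Description": "legacy job queue",
            "Status": "available",
            "MemberClusters": ["legacy-queue-001", "legacy-queue-002", "legacy-queue-003"],
            "CacheNodeType": "cache.m5.large",
        },
    ]
})

ENCRYPTION_FLAGS = ("AtRestEncryptionEnabled", "TransitEncryptionEnabled")


def find_unencrypted(describe_json):
    """Return {ReplicationGroupId: [missing flags]} for every group that is not
    encrypted both at rest and in transit. An absent flag counts as disabled."""
    findings = {}
    for group in json.loads(describe_json).get("ReplicationGroups", []):
        missing = [flag for flag in ENCRYPTION_FLAGS if group.get(flag) is not True]
        if missing:
            findings[group["ReplicationGroupId"]] = missing
    return findings


def recreate_parameters(group, auth_token, new_group_id=None):
    """Build keyword arguments for boto3 ElastiCache.Client.create_replication_group()
    that reproduce the non-compliant group's node type and member count with both
    encryption settings on. Encryption cannot be switched on in place, so the
    replacement is created under new_group_id (or under the original id once the
    old group has been deleted). AUTH token limits follow the ElastiCache
    documentation: 16 to 128 printable ASCII characters."""
    if not (16 <= len(auth_token) <= 128) or not auth_token.isascii() or not auth_token.isprintable():
        raise ValueError("AUTH token must be 16-128 printable ASCII characters")
    return {
        "ReplicationGroupId": new_group_id or group["ReplicationGroupId"],
        "ReplicationGroupDescription": group.get("Description", "re-created with encryption"),
        "Engine": "redis",
        "CacheNodeType": group["CacheNodeType"],
        "NumCacheClusters": len(group.get("MemberClusters", [])) or 1,
        "AtRestEncryptionEnabled": True,
        "TransitEncryptionEnabled": True,  # required for AuthToken to be accepted
        "AuthToken": auth_token,
    }


def plan_remediation(describe_json, auth_token):
    """Audit first, then build one create call per non-compliant group,
    naming each replacement '<original id>-enc' (a convention chosen here)."""
    groups = {g["ReplicationGroupId"]: g
              for g in json.loads(describe_json).get("ReplicationGroups", [])}
    return {gid: recreate_parameters(groups[gid], auth_token, new_group_id=gid + "-enc")
            for gid in find_unencrypted(describe_json)}


if __name__ == "__main__":
    for gid, missing in find_unencrypted(SAMPLE_DESCRIBE_OUTPUT).items():
        print(f"NON-COMPLIANT {gid}: {', '.join(missing)} not enabled")
    # The token below is a constructed placeholder, not a real secret.
    for gid, params in plan_remediation(SAMPLE_DESCRIBE_OUTPUT, "example-token-placeholder-0000").items():
        shown = {k: v for k, v in params.items() if k != "AuthToken"}  # never print the token
        print(f"re-create {gid} as {params['ReplicationGroupId']}: {json.dumps(shown)}")
```

In practice the JSON would come from `aws elasticache describe-replication-groups` and the returned dictionaries would be passed to `boto3.client("elasticache").create_replication_group(**params)`; data migration to the new group and deletion of the old one (see `delete-replication-group` in the references) are separate steps that this example does not perform.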
References
- AWS Documentation
  - Amazon ElastiCache FAQs
  - Managing clusters
  - Creating a cluster
  - ElastiCache in-transit encryption (TLS)
  - At-Rest Encryption in ElastiCache
  - Authentication and Authorization
- AWS Command Line Interface (CLI) Documentation
  - describe-replication-groups
  - create-replication-group
  - delete-replication-group
- CloudFormation Documentation
  - Amazon ElastiCache resource type reference
- Terraform Documentation
  - AWS Provider