Ensure that your AWS ElastiCache Redis clusters are encrypted in order to meet security and compliance requirements, such as keeping Personally Identifiable Information safe. Data encryption helps prevent unauthorized users from reading sensitive data available on your Redis clusters and their associated cache storage systems. This covers both data at rest, which is data saved to persistent media, and data in transit, which is data that can be intercepted as it travels through the network between clients and cache servers.
This rule can help you with the following compliance standards:
- Health Insurance Portability and Accountability Act (HIPAA)
- General Data Protection Regulation (GDPR)
- NIST 800-53 (Rev. 4)
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
When working with production data, it is highly recommended to implement encryption in order to protect it from unauthorized access and to fulfill your organization's compliance requirements for at-rest and in-transit encryption. For example, a common compliance requirement is to protect sensitive data that could potentially identify a specific individual, such as Personally Identifiable Information (PII), which is usually used in the Financial Services, Healthcare and Telecommunications sectors.
Note: As of December 2017, in-transit and at-rest encryption can be enabled only for AWS ElastiCache clusters with Redis engine version 3.2.6.
To determine in-transit and at-rest encryption configuration for your AWS ElastiCache Redis clusters, perform the following:
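One way to run this check offline against AWS CLI output, as an added example that is not part of the original page or the Conformity tool: the function reads the JSON printed by `aws elasticache describe-cache-clusters --output json` and lists Redis clusters whose `TransitEncryptionEnabled` or `AtRestEncryptionEnabled` flag is not true. The cluster IDs and versions in the sample are constructed, and treating an absent flag as disabled is an assumption of this example.

```python
import json

# Constructed sample shaped like the JSON printed by
# `aws elasticache describe-cache-clusters --output json` (IDs are made up).
SAMPLE_RESPONSE = json.loads("""
{
  "CacheClusters": [
    {"CacheClusterId": "sessions-001", "Engine": "redis", "EngineVersion": "3.2.6",
     "TransitEncryptionEnabled": true, "AtRestEncryptionEnabled": true},
    {"CacheClusterId": "orders-001", "Engine": "redis", "EngineVersion": "3.2.6",
     "TransitEncryptionEnabled": true, "AtRestEncryptionEnabled": false},
    {"CacheClusterId": "legacy-001", "Engine": "redis", "EngineVersion": "3.2.4"},
    {"CacheClusterId": "pages-001", "Engine": "memcached", "EngineVersion": "1.4.34"}
  ]
}
""")


def audit_redis_encryption(response):
    """Return one finding per Redis cluster lacking in-transit or at-rest encryption."""
    findings = []
    for cluster in response.get("CacheClusters", []):
        if cluster.get("Engine") != "redis":
            continue  # the rule covers Redis clusters only
        # Assumption: a missing flag counts as "not enabled", so the check fails closed.
        missing = []
        if cluster.get("TransitEncryptionEnabled") is not True:
            missing.append("in-transit")
        if cluster.get("AtRestEncryptionEnabled") is not True:
            missing.append("at-rest")
        if missing:
            findings.append({
                "cluster": cluster.get("CacheClusterId", "<unknown>"),
                "engine_version": cluster.get("EngineVersion", "<unknown>"),
                "missing": missing,
            })
    return findings


if __name__ == "__main__":
    for f in audit_redis_encryption(SAMPLE_RESPONSE):
        gaps = " or ".join(f["missing"])
        print(f"{f['cluster']} (Redis {f['engine_version']}): no {gaps} encryption")
```

To audit a live account, save the CLI output to a file and pass `json.load(open(path))` to `audit_redis_encryption` in place of the sample.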
Remediation / Resolution
To enable in-transit and at-rest encryption for your existing AWS ElastiCache Redis clusters, you must re-create them with the necessary encryption configuration. To relaunch the required cache clusters, perform the following:
You are auditing:
ElastiCache Redis In-Transit and At-Rest Encryption
Risk level: High