lacework-global-715

Enable encryption-at-rest on AWS ElastiCache Replication Groups

Description

As a security best practice, enable encryption-at-rest on an ElastiCache Replication Group to prevent unauthorized users from reading sensitive data saved to persistent media available on ElastiCache clusters and their associated cache storage systems.

Remediation

You have limited options for modifying an existing replication group.

For a replication group that does not have encryption-at-rest enabled, the solution is to recreate it by restoring from a backup of the existing replication group. Encryption-at-rest is enabled when the replication group is recreated.

See the AWS documentation linked under References for detailed guidance.
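
The check and the backup-then-recreate remediation described above can be sketched as follows. This is an added example, not Lacework's or AWS's own code: it reads the JSON returned by `aws elasticache describe-replication-groups`, flags groups without encryption-at-rest, and builds the AWS CLI commands for the two steps. The sample JSON is constructed, and the `-enc` and `-pre-encryption` name suffixes are hypothetical.

```python
import json
import shlex

# Constructed sample of `aws elasticache describe-replication-groups` output (not real data).
SAMPLE = json.loads("""
{"ReplicationGroups": [
  {"ReplicationGroupId": "sessions-cache", "Description": "web sessions",
   "Status": "available", "CacheNodeType": "cache.t3.small",
   "AtRestEncryptionEnabled": false},
  {"ReplicationGroupId": "billing-cache", "Description": "billing lookups",
   "Status": "available", "CacheNodeType": "cache.m5.large",
   "AtRestEncryptionEnabled": true}
]}
""")


def unencrypted_groups(response):
    """Return the replication groups that fail the encryption-at-rest check."""
    # A missing flag is treated as "not encrypted" so it is never silently passed.
    return [g for g in response.get("ReplicationGroups", [])
            if g.get("AtRestEncryptionEnabled") is not True]


def remediation_plan(group, new_suffix="-enc", snap_suffix="-pre-encryption"):
    """Build the two AWS CLI commands: back up, then recreate encrypted from the backup."""
    old = group["ReplicationGroupId"]
    snapshot = old + snap_suffix   # hypothetical naming scheme
    new = old + new_suffix         # hypothetical naming scheme
    backup = ["aws", "elasticache", "create-snapshot",
              "--replication-group-id", old, "--snapshot-name", snapshot]
    # Run only once the snapshot is available; subnet group, security groups
    # and other settings of the old group must be carried over as well.
    recreate = ["aws", "elasticache", "create-replication-group",
                "--replication-group-id", new,
                "--replication-group-description", group.get("Description") or old,
                "--engine", group.get("Engine", "redis"),
                "--cache-node-type", group["CacheNodeType"],
                "--snapshot-name", snapshot,
                "--at-rest-encryption-enabled"]
    return [shlex.join(backup), shlex.join(recreate)]


if __name__ == "__main__":
    for g in unencrypted_groups(SAMPLE):
        print(f"# {g['ReplicationGroupId']}: encryption-at-rest disabled")
        print("\n".join(remediation_plan(g)))
```

The generated commands are a starting point for review; clients must be repointed to the new group before the unencrypted one is deleted.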

References

https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/at-rest-encryption.html
https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Replication.Modify.html
https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/at-rest-encryption.html#at-reset-encryption-enable-existing-cluster