lacework-global-391

ElastiCache for Redis cache clusters should have auto minor version upgrade enabled (Automated)

Description

AutoMinorVersionUpgrade is a feature that you can turn on in ElastiCache for Redis to have your cache clusters automatically upgraded when a new minor cache engine version is available.

These upgrades might include security patches and bug fixes. Staying up-to-date with patch installation is an important step in securing systems.

Remediation

From the AWS Console:

  1. Log in to the AWS Management Console.
  2. Click Services.
  3. Select Database > ElastiCache.
  4. Under Resources, click Redis caches.
  5. For the cache of interest, select it and click Actions > Modify.
  6. Under Maintenance, select Enable for Auto upgrade minor versions.
  7. Once finished, click Preview changes.
  8. Under Schedule modifications, select Yes for Apply immediately, and click Modify.

From CLI:

aws elasticache modify-cache-cluster --cache-cluster-id <cluster_id> --auto-minor-version-upgrade --apply-immediately
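
To find every cluster that needs the change above, the following added example (not part of the original policy page or Lacework's own code) filters a describe-cache-clusters response for Redis clusters with AutoMinorVersionUpgrade disabled and, through boto3, applies the same modification as the CLI command. The cluster IDs in the sample are constructed, and the function names are assumptions of this example.

```python
"""Audit ElastiCache for Redis clusters for AutoMinorVersionUpgrade (added example)."""

# Constructed sample shaped like a describe-cache-clusters response; IDs are made up.
SAMPLE_RESPONSE = {
    "CacheClusters": [
        {"CacheClusterId": "sessions-001", "Engine": "redis",
         "CacheClusterStatus": "available", "AutoMinorVersionUpgrade": False},
        {"CacheClusterId": "sessions-002", "Engine": "redis",
         "CacheClusterStatus": "modifying", "AutoMinorVersionUpgrade": False},
        {"CacheClusterId": "catalog-001", "Engine": "redis",
         "CacheClusterStatus": "available", "AutoMinorVersionUpgrade": True},
        {"CacheClusterId": "legacy-mc", "Engine": "memcached",
         "CacheClusterStatus": "available", "AutoMinorVersionUpgrade": False},
    ]
}


def find_noncompliant(clusters):
    """Return (fix_now, retry_later) lists of Redis cluster IDs with the flag off.

    A missing AutoMinorVersionUpgrade key is treated as disabled. Clusters that
    are not in the 'available' state cannot be modified yet, so they are
    reported separately instead of being sent to modify-cache-cluster.
    """
    fix_now, retry_later = [], []
    for c in clusters:
        if c.get("Engine") != "redis" or c.get("AutoMinorVersionUpgrade", False):
            continue
        target = fix_now if c.get("CacheClusterStatus") == "available" else retry_later
        target.append(c["CacheClusterId"])
    return fix_now, retry_later


def audit_region(region, remediate=False):
    """Scan one region with boto3 (needs AWS credentials); optionally remediate."""
    import boto3  # imported here so the offline demo runs without boto3

    client = boto3.client("elasticache", region_name=region)
    clusters = []
    for page in client.get_paginator("describe_cache_clusters").paginate():
        clusters.extend(page["CacheClusters"])
    fix_now, retry_later = find_noncompliant(clusters)
    if remediate:
        for cluster_id in fix_now:
            # Same change as the CLI command above.
            client.modify_cache_cluster(CacheClusterId=cluster_id,
                                        AutoMinorVersionUpgrade=True,
                                        ApplyImmediately=True)
    return fix_now, retry_later


if __name__ == "__main__":
    print(find_noncompliant(SAMPLE_RESPONSE["CacheClusters"]))
```

Run audit_region with remediate left at False first to review the list, then rerun with remediate=True once the affected clusters are confirmed.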

References

https://docs.aws.amazon.com/securityhub/latest/userguide/elasticache-controls.html#elasticache-2
https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/VersionManagement.html