lacework-global-715
Enable encryption-at-rest on AWS ElastiCache Replication Groups
Description
As a security best practice, enable encryption-at-rest on an ElastiCache replication group to prevent unauthorized users from reading sensitive data saved to persistent media available on ElastiCache clusters and their associated cache storage systems.
Remediation
Options for modifying an existing replication group are limited.
The solution for replication groups that do not have encryption-at-rest enabled is to recreate and restore from a backup of the existing replication group. The replication group has encryption-at-rest enabled upon recreation.
See the AWS documentation linked under References for detailed guidance.
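The following added example (not part of the Lacework policy or AWS documentation) finds replication groups without encryption-at-rest in the JSON returned by `aws elasticache describe-replication-groups` and builds the backup and recreate commands for each. The sample data, the `-enc` and `-pre-encryption` name suffixes, the function names, and the `redis` engine are assumptions made for illustration.

```python
import json
import shlex

# Constructed sample shaped like `aws elasticache describe-replication-groups` output.
SAMPLE = json.loads("""
{"ReplicationGroups": [
  {"ReplicationGroupId": "sessions-prod", "Description": "session cache",
   "CacheNodeType": "cache.r6g.large", "AtRestEncryptionEnabled": false},
  {"ReplicationGroupId": "catalog-prod", "Description": "catalog cache",
   "CacheNodeType": "cache.r6g.large", "AtRestEncryptionEnabled": true}
]}
""")

MAX_ID_LEN = 40  # ElastiCache replication group IDs are limited to 40 characters


def unencrypted_groups(response):
    """Return groups whose AtRestEncryptionEnabled is false or absent."""
    return [g for g in response.get("ReplicationGroups", [])
            if not g.get("AtRestEncryptionEnabled", False)]


def remediation_plan(group, suffix="-enc"):
    """Build the backup and recreate commands for one unencrypted group."""
    old_id = group["ReplicationGroupId"]
    new_id = old_id + suffix            # hypothetical naming scheme
    snapshot = old_id + "-pre-encryption"
    if len(new_id) > MAX_ID_LEN:
        raise ValueError(f"{new_id!r} exceeds {MAX_ID_LEN} characters")
    backup = ["aws", "elasticache", "create-snapshot",
              "--replication-group-id", old_id,
              "--snapshot-name", snapshot]
    recreate = ["aws", "elasticache", "create-replication-group",
                "--replication-group-id", new_id,
                "--replication-group-description",
                group.get("Description") or new_id,
                "--cache-node-type", group["CacheNodeType"],
                "--engine", "redis",    # assumption: Redis engine
                "--snapshot-name", snapshot,
                "--at-rest-encryption-enabled"]
    return [shlex.join(backup), shlex.join(recreate)]


if __name__ == "__main__":
    for g in unencrypted_groups(SAMPLE):
        print("\n".join(remediation_plan(g)))
```

Run the recreate command only after the snapshot is available, and carry over settings the plan does not copy (subnet group, security groups, parameter group) from the existing group.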
References
https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/at-rest-encryption.html
https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Replication.Modify.html
https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/at-rest-encryption.html#at-reset-encryption-enable-existing-cluster