Ensure Redis version is compliant with AWS PCI-DSS requirements for AWS ElastiCache clusters

HIGH

Description

Redis version is not compliant with AWS PCI-DSS requirements for AWS ElastiCache clusters.

Remediation

In AWS Console -

  1. Sign in to the AWS Console and open the ElastiCache Console.
  2. Under Resources in the navigation bar, select Redis clusters.
  3. Choose the cluster to edit, then in the Actions drop-down, select Modify.
  4. Under Cluster settings, change the Engine Version to 4.0.10 or greater.
  5. Select Preview Changes.
  6. Choose whether to apply the change immediately. If selected, this forces a reboot; if deselected, the change takes effect at the next scheduled maintenance.
  7. Select Modify.

In Terraform -

  1. In the aws_elasticache_cluster resource, set the engine_version to 4.0.10 or greater.
  2. Set the apply_immediately field accordingly.
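
To confirm the Terraform change before applying it, the following added example (not the policy engine's own rule logic) scans the JSON produced by `terraform show -json <planfile>` for `aws_elasticache_cluster` resources whose Redis `engine_version` is below 4.0.10. The resource addresses in the sample plan are hypothetical, and reporting an unset or unparseable version as a finding is an assumption of this sketch.

```python
MIN_VERSION = (4, 0, 10)  # minimum engine version from the remediation steps

def parse_version(text):
    """'4.0.10' -> (4, 0, 10); '6.x' -> (6, inf, 0); '4.0' is padded to (4, 0, 0)."""
    parts = [float("inf") if p.lower() == "x" else int(p)
             for p in text.strip().split(".")]
    return tuple((parts + [0, 0, 0])[:3])

def iter_resources(module):
    """Yield resources from a plan module and all nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def find_noncompliant(plan):
    """Return (address, engine_version) for each Redis cluster under MIN_VERSION."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        values = res.get("values", {})
        if res.get("type") != "aws_elasticache_cluster" or values.get("engine") != "redis":
            continue  # other resource types and memcached clusters are out of scope
        version = values.get("engine_version")
        try:
            # Assumption: an unset or unparseable version is reported (fail closed).
            compliant = version is not None and parse_version(version) >= MIN_VERSION
        except ValueError:
            compliant = False
        if not compliant:
            findings.append((res.get("address"), version))
    return findings

# Constructed sample plan; resource names and addresses are hypothetical.
def _cluster(address, engine, version):
    return {"address": address, "type": "aws_elasticache_cluster",
            "values": {"engine": engine, "engine_version": version}}

SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        _cluster("aws_elasticache_cluster.legacy", "redis", "3.2.10"),
        _cluster("aws_elasticache_cluster.ok", "redis", "4.0.10"),
        _cluster("aws_elasticache_cluster.mc", "memcached", "1.6.6"),
    ],
    "child_modules": [{"address": "module.cache", "resources": [
        _cluster("module.cache.aws_elasticache_cluster.new", "redis", "6.x"),
        _cluster("module.cache.aws_elasticache_cluster.old", "redis", "4.0"),
    ]}],
}}}

if __name__ == "__main__":
    print(find_noncompliant(SAMPLE_PLAN))
```

A non-empty result is a reason to fail the pipeline stage before `terraform apply` runs.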

References:
https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/supported-engine-versions.html#redis-version-4-0-10
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_cluster

Policy Details

Rule Reference ID: AC_AWS_0102
CSP: AWS
Remediation Available: Yes
Resource Category: Database
Resource Type: ElastiCache

Frameworks