Ensure all data stored is encrypted at-rest for AWS Elasticache Replication Group

HIGH

Description

Data stored in the AWS ElastiCache Replication Group is not encrypted at rest, which could expose sensitive customer data if the underlying storage or backups are accessed.

Remediation

In AWS Console -
To enable at-rest encryption when creating a replication group using the AWS Console, make the following selections:

  1. Select Redis as your engine.
  2. Select version 3.2.6, 4.0.10 or later as your engine version.
  3. Select Yes from the Encryption at-rest list.

In Terraform -

  1. In the aws_elasticache_replication_group resource using Redis, set the at_rest_encryption_enabled field to true.
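A non-compliant and a compliant aws_elasticache_replication_group side by side, as an added example that is not part of the original rule page; the resource names, node type, and engine version are assumptions.

```hcl
# Added example, not from the original policy page. Names, node type and
# engine version are assumptions chosen for illustration.

# Flagged by this rule: at_rest_encryption_enabled is not set, so the
# provider leaves encryption at rest disabled for the group.
resource "aws_elasticache_replication_group" "sessions_unencrypted" {
  replication_group_id = "sessions-unencrypted"
  description          = "Session cache (non-compliant)"
  engine               = "redis"
  engine_version       = "6.2"
  node_type            = "cache.t3.micro"
  num_cache_clusters   = 2
  port                 = 6379
}

# Compliant: Redis engine on a supported version with encryption at rest
# enabled at creation time.
resource "aws_elasticache_replication_group" "sessions" {
  replication_group_id = "sessions"
  description          = "Session cache"
  engine               = "redis"
  engine_version       = "6.2"   # must be 3.2.6, 4.0.10 or later
  node_type            = "cache.t3.micro"
  num_cache_clusters   = 2
  port                 = 6379

  at_rest_encryption_enabled = true

  # Optional: encrypt with a customer-managed KMS key instead of the
  # AWS-owned default key (assumes an aws_kms_key.cache resource exists).
  # kms_key_id = aws_kms_key.cache.arn
}
```

At-rest encryption can only be enabled when a replication group is created, so adding the flag to an existing group replaces the resource; plan the data migration rather than expecting an in-place change.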

References:
https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/at-rest-encryption.html#at-rest-encryption-enable
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_replication_group#at_rest_encryption_enabled

Policy Details

Rule Reference ID: AC_AWS_0378
CSP: AWS
Remediation Available: Yes
Resource Category: Database
Resource Type: ElastiCache

Frameworks