Ensure data is encrypted in transit for AWS ElastiCache Replication Group

HIGH

Description

The ElastiCache Replication Group does not have in-transit encryption enabled, so clients and replication traffic exchange data with Redis in cleartext. Anyone able to observe traffic on the VPC path to the cache (a compromised host in the subnet, a misconfigured peering or mirroring setup) can read cached session tokens, credentials, and other sensitive customer data.

Remediation

In AWS Console -
To enable in-transit encryption when creating a replication group using the AWS Console, make the following selections:

  1. Select Redis as the engine.
  2. Select engine version 3.2.6, 4.0.10 or later (in-transit encryption is not offered for earlier versions).
  3. Set Encryption in-transit to Yes.

In-transit encryption is chosen when the group is created; once enabled, clients must connect over TLS (for example `redis-cli --tls`), so plan the client change together with the cache change.

In Terraform -

  1. In the aws_elasticache_replication_group resource, set the transit_encryption_enabled argument to true. The argument defaults to false, so omitting it leaves the group non-compliant.
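The following is an added Terraform example, not part of the original rule text, showing the non-compliant resource beside the remediated one. The resource names, node type, subnet group, security group and the auth-token variable are placeholders chosen for illustration; only `transit_encryption_enabled` is the setting this rule checks.

```hcl
# Added example (not the rule's own remediation code). All names and
# variable values below are placeholders.

variable "cache_subnet_group" {
  description = "Existing ElastiCache subnet group name (placeholder)"
  type        = string
}

variable "cache_security_group_id" {
  description = "Security group allowing only app hosts to reach the cache (placeholder)"
  type        = string
}

variable "redis_auth_token" {
  description = "Redis AUTH token; requires in-transit encryption (placeholder)"
  type        = string
  sensitive   = true
}

# NON-COMPLIANT: transit_encryption_enabled is omitted and therefore false,
# so clients speak to Redis in cleartext on port 6379. AC_AWS_0379 flags this.
resource "aws_elasticache_replication_group" "sessions_plaintext" {
  replication_group_id = "sessions-plaintext"
  description          = "Session cache without TLS (non-compliant)"
  engine               = "redis"
  engine_version       = "6.2"
  node_type            = "cache.t4g.small"
  num_cache_clusters   = 2
  port                 = 6379
  subnet_group_name    = var.cache_subnet_group
  security_group_ids   = [var.cache_security_group_id]
}

# COMPLIANT: in-transit encryption enabled at creation time. Clients must
# now connect with TLS (e.g. redis-cli --tls). Because TLS is on, a Redis
# AUTH token can also be set; auth_token is rejected without it.
resource "aws_elasticache_replication_group" "sessions_tls" {
  replication_group_id = "sessions-tls"
  description          = "Session cache with TLS (compliant with AC_AWS_0379)"
  engine               = "redis"
  engine_version       = "6.2"
  node_type            = "cache.t4g.small"
  num_cache_clusters   = 2
  port                 = 6379
  subnet_group_name    = var.cache_subnet_group
  security_group_ids   = [var.cache_security_group_id]

  transit_encryption_enabled = true   # the setting this rule checks
  auth_token                 = var.redis_auth_token

  # Separate control, not required by this rule, but normally paired with it.
  at_rest_encryption_enabled = true
  automatic_failover_enabled = true
}
```

After apply, the state can be confirmed outside Terraform with `aws elasticache describe-replication-groups --query 'ReplicationGroups[?TransitEncryptionEnabled==`false`].ReplicationGroupId'`, which lists any groups still accepting cleartext connections.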

References:
https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/in-transit-encryption.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_replication_group#transit_encryption_enabled

Policy Details

Rule Reference ID: AC_AWS_0379
CSP: AWS
Remediation Available: Yes
Resource Category: Database
Resource Type: ElastiCache

Frameworks