Amazon ElastiCache

šŸ“˜ The absence of in-transit and at-rest encryption for Amazon ElastiCache clusters poses significant risks to data security, exposing sensitive information to potential breaches. Implementing encryption is crucial for protecting data both while it's being transmitted and when it's stored.

  • Section: Encryption
  • Severity: High
  • CWE: CWE-311 Missing Encryption of Sensitive Data
  • Assurance Scope: PCI, NIST, GDPR, HIPPA
  • Threat Modeling Principal: Tampering, Information Disclosure
  • Rule Set: Threat Modeling - Cloud Configuration Check

šŸ“˜ Utilizing Amazon ElastiCache clusters in EC2 Classic can expose them to security vulnerabilities due to older, less secure configurations. Transitioning to more secure environments is essential to enhance data protection and compliance.

  • Section: Databases and Datastores
  • Severity: High
  • CWE: CWE-16 Configuration
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Information Disclosure
  • Rule Set: Threat Modeling - Cloud Configuration Check

šŸ“˜ Not using a Multi-AZ setup for Amazon ElastiCache Redis Cache clusters can lead to potential service disruptions and availability issues. Implementing Multi-AZ configurations is key to ensuring high availability and resilience of the cache service.

  • Section: Databases and Datastores
  • Severity: High
  • CWE: CWE-410 Insufficient Resource Pool
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Denial of Service, Availability
  • Rule Set: Threat Modeling - Cloud Configuration Check

Whatā€™s Next