AWS ElastiCache Cluster In-transit and At-rest Encryption Not Enabled

Description:

Amazon ElastiCache is a managed caching service that provides scalable in-memory data stores in the cloud. When in-transit and at-rest encryption are not enabled for ElastiCache clusters, the data can be exposed to unauthorized access or eavesdropping during transit and when stored. This could lead to sensitive data exposure and potential data breaches.

Remediation:

1. Enable At-rest Encryption:

Ensure that at-rest encryption is enabled to protect your data from unauthorized access when it's stored.

AWS Management Console:
  • Navigate to the ElastiCache dashboard.
  • Select the desired cluster.
  • Choose Modify.
  • Under the Security section, enable At-rest Encryption.
  • Click Modify to save changes.

2. Enable In-transit Encryption:

Ensure that in-transit encryption is enabled to protect your data when it's moving between nodes or between clients and nodes.

AWS Management Console:
  • Navigate to the ElastiCache dashboard.
  • Select the desired cluster.
  • Choose Modify.
  • Under the Security section, enable In-transit Encryption.
  • Click Modify to save changes.
Terraform:

To enable both in-transit and at-rest encryption for an ElastiCache cluster using Terraform, you can use the following snippet:

resource "aws_elasticache_cluster" "example" {
  # ... other configurations ...

  # Enable At-rest Encryption
  at_rest_encryption_enabled   = true

  # Enable In-transit Encryption
  transit_encryption_enabled   = true
}

Make sure to configure other required settings like the engine, node type, etc.

Recommendation:

Always consider enabling both in-transit and at-rest encryption for ElastiCache clusters, especially if they store or manage sensitive information. Encryption adds an additional layer of security, ensuring that even if data is intercepted or accessed without authorization, it remains unintelligible without the appropriate decryption keys. Regularly review your security settings to ensure that your clusters adhere to best practices and compliance requirements.

Updated 5 months ago