AWS ElastiCache Cluster Located in EC2 Classic
Description:
Amazon ElastiCache provides managed in-memory data store and cache services in the AWS cloud. When an ElastiCache cluster is located in the EC2 Classic platform, it is not utilizing the enhanced networking, security, and management features provided by Amazon Virtual Private Cloud (VPC). Operating within EC2 Classic can expose the ElastiCache cluster to larger attack surfaces and may not conform to best security practices.
Remediation:
1. Migrate from EC2 Classic to Amazon VPC:
To secure your ElastiCache clusters and benefit from enhanced features, consider migrating your ElastiCache clusters from EC2 Classic to a VPC.
AWS Management Console:
- Navigate to the ElastiCache dashboard.
- Choose the ElastiCache cluster located in EC2 Classic.
- Note the configuration and data, as you'll be recreating this in the VPC.
- Delete the cluster in EC2 Classic.
- Create a new ElastiCache cluster in your VPC with the desired configuration.
- Restore data to the new cluster if necessary.
Note: Always backup any critical data before deleting any resources.
Terraform:
To create an ElastiCache cluster within a VPC using Terraform, you can use the following snippet:
resource "aws_elasticache_subnet_group" "example" {
name = "example"
subnet_ids = ["subnet-XXXXXXXX", "subnet-YYYYYYYY"]
description = "ElastiCache subnet group within VPC"
}
resource "aws_elasticache_cluster" "example" {
# ... other configurations ...
subnet_group_name = aws_elasticache_subnet_group.example.name
}
Ensure you've defined the VPC and relevant subnets within your Terraform configuration.
Recommendation:
Always deploy ElastiCache clusters within a VPC to take advantage of enhanced security features such as security groups, Network ACLs, private subnet isolation, and more. Regularly audit and review your AWS resources to ensure they are operating in the desired environment and adhering to best practices.
Updated 12 months ago