Ensure all data stored in the ElastiCache Replication Group is securely encrypted in transit
ID | elasticache_replication_group_encryption_disabled
Severity | high
Vendor | AWS
Resource | ElastiCache
Tags | reachable
Description
Amazon ElastiCache is a web service that makes it easy to set up, manage, and scale a distributed in-memory data store or cache environment in the cloud. It provides a high-performance, scalable, and cost-effective caching solution. At the same time, it helps remove the complexity associated with deploying and managing a distributed cache environment.
To help keep your data secure, Amazon ElastiCache and Amazon EC2 provide mechanisms to guard against unauthorized access to your data on the server. By providing in-transit encryption, ElastiCache gives you a tool you can use to help protect your data while it is moving from one location to another.
It is recommended to enable in-transit encryption for all data handled by the ElastiCache Replication Group.
Examples
CloudFormation (JSON)
```json
{
  "Resources": {
    "MyReplicationGroup": {
      "Type": "AWS::ElastiCache::ReplicationGroup",
      "Properties": {
        "TransitEncryptionEnabled": false
      }
    }
  }
}
```
`TransitEncryptionEnabled` set to `false` means encryption in transit is not performed.
CloudFormation (YAML)
```yaml
Resources:
  MyReplicationGroup:
    Type: 'AWS::ElastiCache::ReplicationGroup'
    Properties:
      TransitEncryptionEnabled: false
```
`TransitEncryptionEnabled` set to `false` means encryption in transit is not performed.
Mitigation / Fix
Buildtime
CloudFormation (JSON)
```json
{
  "Resources": {
    "MyReplicationGroup": {
      "Type": "AWS::ElastiCache::ReplicationGroup",
      "Properties": {
        "TransitEncryptionEnabled": true
      }
    }
  }
}
```
`TransitEncryptionEnabled` set to `true` enables encryption in transit.
CloudFormation (YAML)
```yaml
Resources:
  MyReplicationGroup:
    Type: 'AWS::ElastiCache::ReplicationGroup'
    Properties:
      TransitEncryptionEnabled: true
```
`TransitEncryptionEnabled` set to `true` enables encryption in transit.
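The following is an added example of how this rule can be checked at build time against a CloudFormation template; it is not code from the rule page or from any scanner. It walks the `Resources` map, flags every `AWS::ElastiCache::ReplicationGroup` whose `TransitEncryptionEnabled` is not true, and also flags groups that omit the property, since CloudFormation defaults it to disabled. The function names, the `(logical_id, reason)` result shape and the three embedded sample templates (the failing and fixed examples above plus one that leaves the property unset) are constructed for this illustration.

```python
# Added example: a small template checker for this rule. It is not code from the
# rule page or from any scanner; function names and the sample templates below
# are constructed for illustration.
import json

REPLICATION_GROUP_TYPE = "AWS::ElastiCache::ReplicationGroup"
TRANSIT_PROPERTY = "TransitEncryptionEnabled"

# Constructed sample templates: the failing example from the rule, the fixed
# version, and a group that omits the property entirely.
FAILING_TEMPLATE = """
{
  "Resources": {
    "MyReplicationGroup": {
      "Type": "AWS::ElastiCache::ReplicationGroup",
      "Properties": {"TransitEncryptionEnabled": false}
    }
  }
}
"""

FIXED_TEMPLATE = """
{
  "Resources": {
    "MyReplicationGroup": {
      "Type": "AWS::ElastiCache::ReplicationGroup",
      "Properties": {"TransitEncryptionEnabled": true}
    }
  }
}
"""

IMPLICIT_TEMPLATE = """
{
  "Resources": {
    "CacheWithoutFlag": {
      "Type": "AWS::ElastiCache::ReplicationGroup",
      "Properties": {"ReplicationGroupDescription": "no encryption flag set"}
    },
    "UnrelatedBucket": {
      "Type": "AWS::S3::Bucket"
    }
  }
}
"""


def is_enabled(value) -> bool:
    """CloudFormation accepts a JSON/YAML boolean or the strings "true"/"false".
    Anything else counts as disabled, which matches the service default."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str):
        return value.strip().lower() == "true"
    return False


def find_unencrypted_replication_groups(template: dict) -> list:
    """Return (logical_id, reason) for every replication group that fails the rule.
    A missing TransitEncryptionEnabled is reported, not skipped: the property
    defaults to disabled when it is absent."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != REPLICATION_GROUP_TYPE:
            continue
        props = resource.get("Properties") or {}
        if TRANSIT_PROPERTY not in props:
            findings.append((logical_id, "%s not set (defaults to disabled)" % TRANSIT_PROPERTY))
        elif not is_enabled(props[TRANSIT_PROPERTY]):
            findings.append((logical_id, "%s is %r" % (TRANSIT_PROPERTY, props[TRANSIT_PROPERTY])))
    return findings


def load_template(text: str) -> dict:
    """Parse a JSON template; fall back to PyYAML when it is installed. Templates
    that use short-form intrinsics such as !Ref need a YAML loader that knows
    those tags, which is out of scope for this example."""
    try:
        return json.loads(text)
    except json.JSONDecodeError:
        try:
            import yaml  # optional dependency
        except ImportError as exc:
            raise ValueError("template is not JSON and PyYAML is not installed") from exc
        return yaml.safe_load(text)


if __name__ == "__main__":
    for name, text in (("failing", FAILING_TEMPLATE), ("fixed", FIXED_TEMPLATE), ("implicit", IMPLICIT_TEMPLATE)):
        print(name, find_unencrypted_replication_groups(load_template(text)))
```

Reporting an absent property is the deliberate design choice here: a checker that only inspects an explicit `false` would pass the most common real-world failure, a template that never mentions encryption at all.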