Skip to main content

lacework-global-715

AWS ElastiCache Replication Group encryption-at-rest should be enabled

Description

As a security best practice, encryption-at-rest should be enabled on an Elasticache Replication Group in order to prevent unauthorized users from reading sensitive data saved to persistent media available on Elasticache clusters and their associated cache storage systems.

Remediation

Modifications to Replication Groups is limited.

Replication groups that do not have encryption-at-rest enabled need to be recreated and restored from a backup of the existing replication group. Upon recreation, encryption-at-rest should be enabled.

See AWS documentation here for detailed guidance.