lacework-global-715
AWS ElastiCache Replication Group encryption-at-rest should be enabled
Description
As a security best practice, encryption-at-rest should be enabled on an Elasticache Replication Group in order to prevent unauthorized users from reading sensitive data saved to persistent media available on Elasticache clusters and their associated cache storage systems.
Remediation
Modifications to Replication Groups is limited.
Replication groups that do not have encryption-at-rest enabled need to be recreated and restored from a backup of the existing replication group. Upon recreation, encryption-at-rest should be enabled.
See AWS documentation here for detailed guidance.