AWS-ElastiCache-redis-clusters-data-at-rest-encryption-uses-CMK

Owned by naveen
Last updated: Nov 23, 2021
1 min read

Severity: High

Description: This control ensures  that AWS ElastiCache Redis clusters are At-Rest encrypted. ElastiCache provides a high-performance, scalable, and cost-effective caching solution.Amazon ElastiCache at-rest encryption is a feature that allows you to meet compliance requirement - encryption of data at-rest.

Remediation Steps:

Perform following to enable data at-rest encryption with CMK for ElastiCache Redis cluster :

  1. Login to the AWS Management Console at https://console.aws.amazon.com.

  2. Step 1:  Backup the ElastiCache redis cluster

    1. Navigate to ElastiCache console.

    2. In the navigation pane, choose Redis.

    3. Choose the box to the left of the name of the Redis cluster you want to back up.

    4. Now in actions dropdown choose backup.

  3. Step 2: Delete the ElastiCache Redis cluster

    1. In the navigation pane, choose Redis.

    2. Choose the box to the left of the name of the Redis cluster you want to delete.

    3. Now in actions dropdown choose Delete.

  4. Step 3: Restore the Backup

    1. In the navigation pane, choose Backups.

    2. Select the Backup you want to restore.

    3. Click on the restore button.

    4. In the Restore Cluster window ensure Encryption At-Rest option is checked and Customer Managed Customer Master Key option is used instead of Default.

Important:

Encryption at-rest option is only available while creating the ElastiCache Redis Cluster. To modify the option it need to first backup the ElastiCache Redis Cluster and delete the Cluster. After this operation, restore the backup with Encryption at-rest option enabled.

Reference:

Blue Hexagon Proprietary