AWS-ElastiCache-redis-clusters-Redis-AUTH-enable

Severity: Medium

Description: This control ensures that AWS ElastiCache Redis clusters have the Redis AUTH feature enabled. Amazon ElastiCache in-transit encryption is an optional feature that increases the security of your data at its most vulnerable point, when it is in transit from one location to another. Redis authentication tokens enable Redis to require a token (password) before allowing clients to execute commands, thereby improving data security.

Remediation Steps:

Perform the following steps to enable Redis AUTH for an ElastiCache Redis cluster:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com.

  2. Step 1: Back up the ElastiCache Redis cluster

    1. Navigate to the ElastiCache console.

    2. In the navigation pane, choose Redis.

    3. Choose the box to the left of the name of the Redis cluster you want to back up.

    4. In the Actions dropdown, choose Backup.

  3. Step 2: Delete the ElastiCache Redis cluster

    1. In the navigation pane, choose Redis.

    2. Choose the box to the left of the name of the Redis cluster you want to delete.

    3. In the Actions dropdown, choose Delete.

  4. Step 3: Restore the Backup

    1. In the navigation pane, choose Backups.

    2. Select the backup you want to restore.

    3. Click the Restore button.

    4. In the Restore Cluster window, ensure the Encryption in-transit option is checked so that the Redis AUTH option becomes visible.

    5. Check the Redis AUTH option.

Important:

The Redis AUTH feature is only available while creating the ElastiCache Redis cluster. To change the option, first back up the ElastiCache Redis cluster and delete it. After that, restore the backup with the Redis AUTH option enabled.
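
To confirm which clusters fail this control before and after the restore, the following added example (not part of the original control text) audits output shaped like `aws elasticache describe-replication-groups`. The sample data and the function names are constructed for illustration; `TransitEncryptionEnabled` and `AuthTokenEnabled` are the fields the ElastiCache API returns.

```python
import json

# Constructed sample shaped like `aws elasticache describe-replication-groups` output.
SAMPLE = json.loads("""
{"ReplicationGroups": [
  {"ReplicationGroupId": "orders-cache", "Status": "available",
   "TransitEncryptionEnabled": true, "AuthTokenEnabled": true},
  {"ReplicationGroupId": "session-cache", "Status": "available",
   "TransitEncryptionEnabled": true, "AuthTokenEnabled": false},
  {"ReplicationGroupId": "legacy-cache", "Status": "available",
   "TransitEncryptionEnabled": false}
]}
""")


def audit_redis_auth(response):
    """Return one finding per replication group that fails the control."""
    findings = []
    for group in response.get("ReplicationGroups", []):
        # Missing keys are treated as disabled so that gaps fail closed.
        tls = bool(group.get("TransitEncryptionEnabled", False))
        auth = bool(group.get("AuthTokenEnabled", False))
        if tls and auth:
            continue
        if not tls:
            reason = "in-transit encryption off (required for Redis AUTH)"
        else:
            reason = "in-transit encryption on, Redis AUTH off"
        findings.append({"id": group.get("ReplicationGroupId", "<unknown>"),
                         "transit_encryption": tls, "auth_token": auth,
                         "reason": reason})
    return findings


def fetch_replication_groups(region):
    """Live variant: collect every page from the API (needs boto3 and credentials)."""
    import boto3  # imported here so the offline audit has no dependency
    client = boto3.client("elasticache", region_name=region)
    groups = []
    for page in client.get_paginator("describe_replication_groups").paginate():
        groups.extend(page["ReplicationGroups"])
    return {"ReplicationGroups": groups}


if __name__ == "__main__":
    for f in audit_redis_auth(SAMPLE):
        print(f"FAIL {f['id']}: {f['reason']}")
```

Against a live account, pass the result of `fetch_replication_groups("<region>")` to `audit_redis_auth` instead of the sample.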

Reference:

Blue Hexagon Proprietary