ElastiCache should use in-transit encryption
Severity | Exploitability | Providers | Categories |
---|---|---|---|
HIGH | LOW | AWS | DATA, NETWORK, PERMISSION |
Description
Amazon ElastiCache for Redis is a web service that makes it easy to set up, manage, and scale a distributed in-memory data store or cache environment in the cloud. It provides a high-performance and scalable caching solution.
ElastiCache in-transit encryption is a feature that helps protect data while it moves from one location to another.
Impact
Potential data exposure | Visible in logs | User interaction required | Privileges required |
---|---|---|---|
True | False | False | True |
Not encrypting data in transit could lead to a data leak in case of an attack.
Remediation guidelines
Enable in-transit encryption when creating an ElastiCache for Redis replication group. Note that this will recreate the ElastiCache replication group and could lead to data loss. If losing this data is not acceptable, backups should be used. See https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/in-transit-encryption.html for more details.
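
One way to check for this condition, as an added example (not part of the original rule or of any scanner's own code): the function below audits the JSON returned by `aws elasticache describe-replication-groups` and reports whether each failing group has automatic backups before it is recreated. The group names and sample data are constructed, and treating `TransitEncryptionMode` `preferred` as a failure goes beyond the rule text and is an assumption of this example.

```python
import json

# Constructed sample in the shape of `aws elasticache describe-replication-groups`
# output (not from a real account; group names are hypothetical).
SAMPLE_RESPONSE = json.loads("""
{
  "ReplicationGroups": [
    {"ReplicationGroupId": "sessions-prod", "TransitEncryptionEnabled": false,
     "SnapshotRetentionLimit": 0},
    {"ReplicationGroupId": "cart-cache", "TransitEncryptionEnabled": false,
     "SnapshotRetentionLimit": 7},
    {"ReplicationGroupId": "migrating", "TransitEncryptionEnabled": true,
     "TransitEncryptionMode": "preferred", "SnapshotRetentionLimit": 1},
    {"ReplicationGroupId": "payments", "TransitEncryptionEnabled": true,
     "TransitEncryptionMode": "required", "SnapshotRetentionLimit": 5}
  ]
}
""")


def audit_transit_encryption(response):
    """Return one finding dict per replication group that fails the rule."""
    findings = []
    for group in response.get("ReplicationGroups", []):
        group_id = group.get("ReplicationGroupId", "<unknown>")
        # A missing field is treated as disabled so the check fails closed.
        enabled = group.get("TransitEncryptionEnabled") is True
        mode = group.get("TransitEncryptionMode")
        if enabled and mode != "preferred":
            continue  # compliant: only encrypted connections are accepted
        # Assumption of this example: "preferred" is flagged because it
        # still accepts unencrypted client connections.
        reason = "plaintext still accepted" if enabled else "encryption disabled"
        findings.append({
            "id": group_id,
            "reason": reason,
            # The page's remediation recreates the group; with a retention
            # of 0 days there is no automatic backup to restore from.
            "has_backups": group.get("SnapshotRetentionLimit", 0) > 0,
        })
    return findings


if __name__ == "__main__":
    for f in audit_transit_encryption(SAMPLE_RESPONSE):
        warn = "" if f["has_backups"] else " (no automatic backups: back up first)"
        print(f"FAIL {f['id']}: {f['reason']}{warn}")
```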