CloudWiki
Rules
Critical

Ensure default security groups are not in use by ElastiCache

Security & Compliance
Description

Amazon ElastiCache is a managed caching service from Amazon Web Services (AWS) for deploying and operating in-memory data stores. By default, when you create an ElastiCache cluster, AWS creates several security groups that control network traffic to and from the cluster. These default security groups are designed to allow access from within your VPC and are intended for testing and development only. Ensure that default security groups are not in use by ElastiCache in a production environment: they are not configured with production-appropriate rules and were never meant for that setting. Using default security groups could expose your cluster to unauthorized access.

Remediation

Here are the steps to remediate the issue of default security groups being used by ElastiCache:

  1. Identify ElastiCache clusters: Identify all the ElastiCache clusters in your AWS account that are using default security groups.
  2. Create new security groups: Create new security groups with appropriate rules for your production environment. For example, you might create a security group that only allows traffic from specific IP addresses or that allows traffic only on specific ports.
  3. Update ElastiCache cluster security groups: Update the security groups associated with your ElastiCache clusters to use the newly created security groups. You can do this by modifying the cluster settings in the AWS Management Console or by using the AWS CLI.
  4. Test and validate: Test your new security groups to ensure they are functioning as expected and that your ElastiCache clusters are accessible only to authorized resources.
  5. Remove default security groups: Once you have updated the security groups for all of your ElastiCache clusters, you should remove the default security groups that were created by AWS. This will help to ensure that the default security groups are not accidentally used in the future.

By following these remediation steps, you can help to ensure that default security groups are not in use by ElastiCache in your production environment, which can help to prevent security vulnerabilities and unauthorized access to your ElastiCache clusters.
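A check for step 1, written as an added example that is not part of this CloudWiki page or of Lightlytics' tooling: it works on the JSON shapes returned by `aws elasticache describe-cache-clusters` and `aws ec2 describe-security-groups` (the sample responses embedded below are constructed) and reports every cluster attached to a VPC default security group, which is always named `default`.

```python
"""Flag ElastiCache clusters attached to a VPC default security group (added example, not Lightlytics code)."""
import json

# Constructed sample: trimmed `aws elasticache describe-cache-clusters` output.
CACHE_CLUSTERS = json.loads("""
{"CacheClusters": [
  {"CacheClusterId": "prod-redis-001",
   "SecurityGroups": [{"SecurityGroupId": "sg-0aaa111", "Status": "active"}]},
  {"CacheClusterId": "prod-redis-002",
   "SecurityGroups": [{"SecurityGroupId": "sg-0bbb222", "Status": "active"},
                      {"SecurityGroupId": "sg-0aaa111", "Status": "active"}]},
  {"CacheClusterId": "dev-memcached",
   "SecurityGroups": [{"SecurityGroupId": "sg-0ccc333", "Status": "active"}]}
]}""")

# Constructed sample: trimmed `aws ec2 describe-security-groups` output.
SECURITY_GROUPS = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0aaa111", "GroupName": "default", "VpcId": "vpc-0123"},
  {"GroupId": "sg-0bbb222", "GroupName": "elasticache-prod", "VpcId": "vpc-0123"},
  {"GroupId": "sg-0ccc333", "GroupName": "elasticache-dev", "VpcId": "vpc-0123"}
]}""")


def default_sg_ids(sg_response):
    """IDs of groups named 'default' (the VPC default group cannot be renamed)."""
    return {g["GroupId"] for g in sg_response["SecurityGroups"] if g["GroupName"] == "default"}


def clusters_using_default_sg(cluster_response, sg_response):
    """Map each non-compliant cluster ID to the sorted default SG IDs attached to it."""
    defaults = default_sg_ids(sg_response)
    findings = {}
    for cluster in cluster_response["CacheClusters"]:
        attached = {sg["SecurityGroupId"] for sg in cluster.get("SecurityGroups", [])}
        hit = sorted(attached & defaults)
        if hit:
            findings[cluster["CacheClusterId"]] = hit
    return findings


if __name__ == "__main__":
    for cluster_id, sgs in clusters_using_default_sg(CACHE_CLUSTERS, SECURITY_GROUPS).items():
        # Step 3 fix: aws elasticache modify-cache-cluster --cache-cluster-id <id> --security-group-ids <sg>
        print(f"{cluster_id}: attached to default security group(s) {', '.join(sgs)}")
```

Replication groups (Redis with replicas) are modified with `aws elasticache modify-replication-group --security-group-ids` instead, and the same group-ID comparison applies.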

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.