Ensuring ElastiCache Redis clusters are encrypted at rest means that the data stored in the cluster is encrypted and cannot be accessed without proper authorization. This helps protect sensitive data in the cluster against unauthorized access.

ElastiCache provides more than one encryption option. One is encryption in transit using SSL/TLS protocols, which covers data on the network rather than stored data. The other is encryption at rest, which uses AWS Key Management Service (KMS) to manage the encryption keys. When encryption at rest using KMS is used, the data stored in the ElastiCache Redis cluster is encrypted using a KMS key. The KMS key should be configured with proper permissions, and its policy should only allow authorized users to access the key. Overall, ensuring ElastiCache Redis clusters are encrypted at rest provides an additional layer of security for sensitive data.
To ensure ElastiCache Redis clusters are encrypted at rest, follow the remediation steps below:
This will enable encryption at rest for your ElastiCache Redis cluster. Additionally, you should ensure that the KMS key used for encryption is secure and has proper access controls in place.