ElastiCache replication group stores unencrypted data at rest.

Default Severity: high

Explanation

Data stored on the nodes of an ElastiCache replication group should be encrypted at rest so that sensitive data stays private.

Possible Impact

If the replication group's at-rest data is accessed by an unauthorized party, it could be compromised because it is stored unencrypted.

Suggested Resolution

Enable at-rest encryption for the replication group by setting at_rest_encryption_enabled to true.

Insecure Example

The following example will fail the aws-elasticache-enable-at-rest-encryption check.

 resource "aws_elasticache_replication_group" "bad_example" {
   replication_group_id          = "foo"
   replication_group_description = "my foo cluster"

   # At-rest encryption is explicitly disabled; this is what the check flags.
   at_rest_encryption_enabled = false
 }

Secure Example

The following example will pass the aws-elasticache-enable-at-rest-encryption check.

 resource "aws_elasticache_replication_group" "good_example" {
   replication_group_id          = "foo"
   replication_group_description = "my foo cluster"

   # At-rest encryption is enabled, so the check passes.
   at_rest_encryption_enabled = true
 }
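
The same rule can be enforced against a rendered plan as a CI gate. The script below is an added example, not part of the check's own implementation: it reads the JSON produced by `terraform show -json <planfile>` and lists every replication group that the plan would leave without at-rest encryption. The function name and the sample plan are constructed for illustration, and treating a missing or null attribute as a finding is this example's own policy.

```python
import json

RESOURCE_TYPE = "aws_elasticache_replication_group"
ATTRIBUTE = "at_rest_encryption_enabled"

# Constructed sample in the shape of `terraform show -json <planfile>` output,
# trimmed to the fields this check reads.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "aws_elasticache_replication_group.bad_example",
         "type": RESOURCE_TYPE,
         "change": {"actions": ["create"],
                    "after": {"replication_group_id": "foo", ATTRIBUTE: False}}},
        {"address": "aws_elasticache_replication_group.good_example",
         "type": RESOURCE_TYPE,
         "change": {"actions": ["create"],
                    "after": {"replication_group_id": "foo", ATTRIBUTE: True}}},
        {"address": "module.cache.aws_elasticache_replication_group.unset",
         "type": RESOURCE_TYPE,
         "change": {"actions": ["update"],
                    "after": {"replication_group_id": "bar"}}},
        {"address": "aws_elasticache_replication_group.retired",
         "type": RESOURCE_TYPE,
         "change": {"actions": ["delete"], "after": None}},
        {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
         "change": {"actions": ["create"], "after": {"bucket": "logs"}}},
    ]
})


def unencrypted_replication_groups(plan_json: str) -> list[str]:
    """Return addresses of replication groups the plan leaves unencrypted at rest."""
    plan = json.loads(plan_json)
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != RESOURCE_TYPE:
            continue
        after = rc.get("change", {}).get("after")
        if after is None:  # resource is being destroyed; nothing left to encrypt
            continue
        # Only an explicit true passes; false, null or a missing key is a finding.
        if after.get(ATTRIBUTE) is not True:
            findings.append(rc["address"])
    return findings


if __name__ == "__main__":
    for address in unencrypted_replication_groups(SAMPLE_PLAN):
        print(f"FAIL {address}: {ATTRIBUTE} is not true")
```

Because it reads `resource_changes`, the script also covers replication groups declared inside modules, which appear there with their full module address.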