Ensure ElastiCache for Memcached is not used in AWS PCI DSS environments

Amazon ElastiCache for Memcached is not included in the AWS PCI DSS Compliance program and is therefore not compliant with PCI requirements.

Risk Level: Low
Cloud Entity: Amazon ElastiCache
CloudGuard Rule ID: D9.AWS.CRY.25.PCI
Covered by Spectral: Yes
Category: Database

GSL LOGIC

ElastiCache should not have engine='memcached'

REMEDIATION

From Portal
The AWS PCI DSS Compliance program only includes Amazon ElastiCache for Redis as a PCI-compliant service, so it is recommended not to use Memcached engines. Use the steps below in the AWS console to validate that Memcached is not used in AWS PCI DSS environments.

  1. For each PCI-DSS environment, log in to the AWS console.
  2. Go to the Amazon ElastiCache service: https://us-east-1.console.aws.amazon.com/elasticache.
  3. In the left navigation panel, click on 'Memcached clusters' and validate that no cluster is created or used in that PCI-DSS environment.

From Command Line
Use the command below to ensure that no Memcached cluster exists in your PCI-DSS environment.

aws elasticache describe-cache-clusters
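
The command above lists every cluster regardless of engine. As an added example (not part of the CloudGuard rule or the AWS documentation), the script below narrows the output to Memcached clusters with `--query` and returns a non-zero status when any exist, so it can gate a pipeline. The function names, exit codes and the caller-supplied region list are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: report ElastiCache clusters whose Engine is "memcached".
# Function names and exit codes are this example's own conventions.
# Usage: check_memcached us-east-1 eu-west-1   (regions chosen by the caller)

# Print "<region> <cluster-id>" for each Memcached cluster in one region.
# Returns 2 if the AWS CLI call itself fails (credentials, permissions, ...).
list_memcached_clusters() {
  local region ids id
  region="$1"
  # --query applies a JMESPath filter to the describe-cache-clusters
  # response; Engine and CacheClusterId are fields of each CacheClusters item.
  ids=$(aws elasticache describe-cache-clusters \
          --region "$region" \
          --query "CacheClusters[?Engine=='memcached'].CacheClusterId" \
          --output text) || return 2
  for id in $ids; do
    # Defensive: text output renders a null result as the word None.
    [ "$id" = "None" ] && continue
    printf '%s %s\n' "$region" "$id"
  done
}

# Check every region given as an argument.
# Returns 0 when no Memcached cluster exists, 1 when at least one does,
# and 2 when a region could not be queried (unknown state counts as failure).
check_memcached() {
  local region out rc
  rc=0
  for region in "$@"; do
    if ! out=$(list_memcached_clusters "$region"); then
      echo "ERROR: could not query region $region" >&2
      rc=2
      continue
    fi
    if [ -n "$out" ]; then
      printf '%s\n' "$out" | sed 's/^/NON-COMPLIANT memcached cluster: /'
      if [ "$rc" -eq 0 ]; then rc=1; fi
    fi
  done
  return "$rc"
}
```

Run it once per account in PCI scope; a region that cannot be queried is reported as a failure rather than silently passing.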

References

  1. https://docs.aws.amazon.com/AmazonElastiCache/latest/mem-ug/SelectEngine.html
  2. https://docs.aws.amazon.com/cli/latest/reference/elasticache/describe-cache-clusters.html

Amazon ElastiCache

Amazon ElastiCache offers fully managed Redis and Memcached. Seamlessly deploy, operate, and scale popular open source compatible in-memory data stores. Build data-intensive apps or improve the performance of your existing apps by retrieving data from high throughput and low latency in-memory data stores. Amazon ElastiCache is a popular choice for Gaming, Ad-Tech, Financial Services, Healthcare, and IoT apps.

Compliance Frameworks

  • AWS CloudGuard Well Architected Framework
  • AWS PCI-DSS 3.2
  • AWS PCI-DSS 4.0
  • CloudGuard AWS All Rules Ruleset