Ensure Amazon ElastiCache Redis clusters have the Multi-AZ feature enabled

Strengthen the operational robustness of your Amazon ElastiCache Redis clusters by ensuring that the Multi-AZ feature is enabled. This feature enhances the cluster's availability and fault tolerance by replicating data across multiple Availability Zones, safeguarding against potential failures and disruptions.

Risk Level: Low
Cloud Entity: Amazon ElastiCache
CloudGuard Rule ID: D9.AWS.DR.05
Covered by Spectral: No
Category: Database

GSL LOGIC

ElastiCache where engine='redis' should have replicationGroup.multiAZ.value='enabled'
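The same check can be run offline against the JSON returned by `aws elasticache describe-replication-groups --output json`. This is an added example, not CloudGuard's own code; the sample data is constructed, and the `audit` function name, the finding fields and the treatment of a missing `Engine` field as Redis are assumptions made for the example.

```python
import json
import sys

# Constructed sample in the shape of describe-replication-groups output (not real data).
SAMPLE = """
{"ReplicationGroups": [
  {"ReplicationGroupId": "sessions", "Engine": "redis", "MultiAZ": "enabled",
   "AutomaticFailover": "enabled",
   "NodeGroups": [{"NodeGroupMembers": [{"CurrentRole": "primary"},
                                        {"CurrentRole": "replica"}]}]},
  {"ReplicationGroupId": "cache-a", "Engine": "redis", "MultiAZ": "disabled",
   "AutomaticFailover": "enabled",
   "NodeGroups": [{"NodeGroupMembers": [{"CurrentRole": "primary"},
                                        {"CurrentRole": "replica"}]}]},
  {"ReplicationGroupId": "cache-b", "MultiAZ": "disabled",
   "AutomaticFailover": "disabled",
   "NodeGroups": [{"NodeGroupMembers": [{"CurrentRole": "primary"}]}]}
]}
"""

def audit(doc):
    """Return one finding per Redis replication group that fails the rule."""
    findings = []
    for rg in doc.get("ReplicationGroups", []):
        # Assumption: a missing Engine field (older API output) means Redis.
        if rg.get("Engine", "redis").lower() != "redis":
            continue
        if rg.get("MultiAZ") == "enabled":
            continue  # passes: replicationGroup.multiAZ.value = 'enabled'
        prereqs = []
        if rg.get("AutomaticFailover") != "enabled":
            prereqs.append("enable automatic failover")
        # Failover needs a replica to promote in every node group (shard).
        sizes = [len(ng.get("NodeGroupMembers", []))
                 for ng in rg.get("NodeGroups", [])]
        if not sizes or min(sizes) < 2:
            prereqs.append("add a replica to every node group")
        findings.append({"id": rg["ReplicationGroupId"],
                         "multi_az": rg.get("MultiAZ", "absent"),
                         "prereqs": prereqs})
    return findings

if __name__ == "__main__":
    # Pipe real CLI output on stdin; with no input the constructed sample is used.
    raw = ("" if sys.stdin.isatty() else sys.stdin.read()).strip() or SAMPLE
    for f in audit(json.loads(raw)):
        todo = "; ".join(f["prereqs"]) or "ready to enable Multi-AZ"
        print(f"FAIL {f['id']}: MultiAZ={f['multi_az']} ({todo})")
```

Running it again after remediation should print nothing for the groups that were modified.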

REMEDIATION

From Portal

  1. Sign in to the AWS Management Console.

  2. Access the ElastiCache Dashboard by navigating to https://console.aws.amazon.com/elasticache/.

  3. Navigate to Redis Clusters:
    On the left navigation panel of the ElastiCache Dashboard, under the 'Resources' tab click on 'Redis Clusters' to access your Redis clusters.

  4. Select and Modify a Cache Cluster:
    Choose the specific cache cluster you wish to modify and click the 'Modify' button located in the 'Actions' menu in the top right corner of the dashboard.

  5. Configure Multi-AZ in the selected Redis cluster:
    Scroll down to the 'Location' tab and enable the Multi-AZ feature by selecting 'Yes' next to 'Multi-AZ'.
    Click the 'Preview changes' button at the bottom of the page.
    Under 'Schedule modifications', check the 'Yes' checkbox to apply the changes immediately, and then click the 'Modify' button to modify the cluster.
    The update takes some time to complete.

  6. Enable Multi-AZ for Other Clusters:
    Repeat the steps for each AWS ElastiCache cluster you want to enable the Multi-AZ feature for.

From TF

To create a replication group for the Redis cluster, use the following template of keys:

resource "aws_elasticache_replication_group" "example" {
	// ... other settings ...
	automatic_failover_enabled  = true
	// ... other settings ...
	multi_az_enabled = true
	// ... other settings ...
	replication_group_id = "example_id"
	// ... other settings ...
}

To use the Multi-AZ replication group in your Redis cluster, use the following template of keys:

resource "aws_elasticache_cluster" "example" {
	// ... other settings ...
	engine = "redis"
	// ... other settings ...
	replication_group_id = "example_id"
	// ... other settings ...
}

From Command Line

  1. To enable both Multi-AZ and automatic failover in the replication group used by an ElastiCache Redis cluster, run the following command, replacing AWS_ELASTICACHE_REPLICATION_GROUP_ID with the Redis cluster name:
aws elasticache modify-replication-group --replication-group-id AWS_ELASTICACHE_REPLICATION_GROUP_ID --multi-az-enabled --automatic-failover-enabled --apply-immediately

References

  1. https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/AutoFailover.html
  2. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_cluster#replication_group_id
  3. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_replication_group
  4. https://redis.com/redis-enterprise/technology/highly-available-redis/

Amazon ElastiCache

Amazon ElastiCache offers fully managed Redis and Memcached. Seamlessly deploy, operate, and scale popular open source compatible in-memory data stores. Build data-intensive apps or improve the performance of your existing apps by retrieving data from high throughput and low latency in-memory data stores. Amazon ElastiCache is a popular choice for Gaming, Ad-Tech, Financial Services, Healthcare, and IoT apps.

Compliance Frameworks

  • CloudGuard AWS All Rules Ruleset