Risk Level: Low
Cloud Entity: Amazon ElastiCache
CloudGuard Rule ID: D9.AWS.OPE.27
Covered by Spectral: No
Category: Database

GSL LOGIC

ElastiCache where engine='redis' should have engineVersion>='7.0.7'

REMEDIATION

From Portal

Sign in to the AWS Management Console.
Navigate to ElastiCache dashboard at https://console.aws.amazon.com/elasticache/.
Go into the 'Redis' clusters tab in the left section.
For every cluster listed, click on its name. Check the version in the 'Engine version'. If the version is under 7.0.7, it's not the latest version - thus needs to be modified.
Click on the 'Modify' button in the top left corner of the page, and then scroll until you reach the 'Cluster settings' tab.
Click the 'Engine version' button, and select the first one (should show 7.0 - but it's 7.0.7 under the hood).
Click on 'Preview changes' at the bottom of the page.
Make sure you select the 'Apply immediately' checkbox. Then press 'Modify' at the bottom of the page.
Repeat these steps for every cluster that doesn't have the latest version of the engine, and don't forget to check your other regions as well.

From TF

To change the Redis cluster's engine version, use the following keys template:

resource 'aws_elasticache_cluster' 'example_redis' {
	...
	engine               = 'redis'
	...
	engine_version       = '7.0.7'
}

From Command Line

To check for the engine version in every cluster in a specific region, run the following command:

aws elasticache describe-cache-clusters --region EXAMPLE_REGION_NAME --output table --query 'CacheClusters[*].[CacheClusterId, Engine, EngineVersion]'

If any Redis cluster's engine version is not 7.0.7, run the following command (using the first column's value as the cluster id - without the '-001 / -002 / -00x'):

aws elasticache modify-replication-group --region EXAMPLE_REGION_NAME --replication-group-id EXAMPLE_REDIS_ID --engine-version 7.0 --apply-immediately

Repeat these steps for every cluster that doesn't have the latest version of the engine, and don't forget to check your other regions as well.

References

https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/WhatIs.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_cluster

Amazon ElastiCache

Amazon ElastiCache offers fully managed Redis and Memcached. Seamlessly deploy, operate, and scale popular open-source compatible in-memory data stores. Build data-intensive apps or improve the performance of your existing apps by retrieving data from high throughput and low latency in-memory data stores. Amazon ElastiCache is a popular choice for Gaming, Ad-Tech, Financial Services, Healthcare, and IoT apps.

Compliance Frameworks

CloudGuard AWS All Rules Ruleset