Link Search Menu Expand Document

Unencrypted Elasticache Replication Group.

Explanation

You should ensure your Elasticache data is encrypted at rest to help prevent sensitive information from being read by unauthorised users.

Insecure Example

The following example will fail the AWS035 check.

resource "aws_elasticache_replication_group" "my-resource" {
        replication_group_id = "foo"
        replication_group_description = "my foo cluster"

        at_rest_encryption_enabled = false
}

Secure Example

The following example will pass the AWS035 check.

resource "aws_elasticache_replication_group" "my-resource" {
        replication_group_id = "foo"
        replication_group_description = "my foo cluster"

        at_rest_encryption_enabled = true
}