Property
Language: terraform
Severity: high
Service: elasticache
Provider: AWS
Vulnerability Type: omission

Description

The ElastiCache replication group is configured without at-rest encryption, meaning data stored on disk is not protected. This allows sensitive information in the cache to be stored in plaintext on the underlying storage.

Impact

If the underlying storage is accessed by an unauthorized party—due to compromise, misconfiguration, or insider threat—unencrypted data could be read directly. This exposes confidential information such as user data, application secrets, or session details, increasing the risk of data breaches and regulatory violations.

Resolution

Enable at-rest encryption for the replication group.
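The following Terraform is an added example, not taken from the rule's own documentation. It shows a replication group this rule would flag next to a corrected one. Resource names, the replication group IDs, node type and the KMS key are placeholders chosen for illustration.

```hcl
# Flagged: at_rest_encryption_enabled is omitted, so cached data
# is written to the underlying storage unencrypted.
resource "aws_elasticache_replication_group" "sessions_unencrypted" {
  replication_group_id = "example-sessions" # placeholder ID
  description          = "Session cache without at-rest encryption"
  engine               = "redis"
  node_type            = "cache.t3.micro" # placeholder node type
  num_cache_clusters   = 2
}

# Optional customer-managed key (placeholder). If kms_key_id is left
# out below, ElastiCache uses a service-managed key instead.
resource "aws_kms_key" "cache" {
  description         = "Key for ElastiCache at-rest encryption"
  enable_key_rotation = true
}

# Resolved: at-rest encryption is enabled explicitly.
resource "aws_elasticache_replication_group" "sessions_encrypted" {
  replication_group_id       = "example-sessions-enc" # placeholder ID
  description                = "Session cache with at-rest encryption"
  engine                     = "redis"
  node_type                  = "cache.t3.micro" # placeholder node type
  num_cache_clusters         = 2
  at_rest_encryption_enabled = true
  kms_key_id                 = aws_kms_key.cache.arn
}
```

Adding `at_rest_encryption_enabled = true` to an existing replication group makes Terraform plan a replacement of the resource, because ElastiCache sets at-rest encryption when the group is created; review the plan and schedule the change accordingly.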