Ensure Amazon ElastiCache Redis clusters have automatic backup turned on

Error: Amazon ElastiCache Redis clusters do not have automatic backup turned on

Policy ID: BC_AWS_GENERAL_45
Checkov Check ID: CKV_AWS_134
Severity: LOW

Description

Amazon ElastiCache clusters running Redis can back up their data. Using automated backup, you can restore a cluster or seed a new cluster. The backup consists of the cluster's metadata, along with all of the data in the cluster.

You can enable automatic backups for any Redis cluster. To enable or disable them on an existing Redis cluster or replication group, modify it using the ElastiCache console, the AWS CLI, or the ElastiCache API. When automatic backups are enabled, ElastiCache creates a backup of the cluster on a daily basis. Making this change has no impact on the cluster, and it takes effect immediately.

Fix - Buildtime

Terraform

  • Resource: aws_elasticache_cluster
  • Argument: snapshot_retention_limit

resource "aws_elasticache_cluster" "example" {
  ...
+ snapshot_retention_limit = 5
}
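
The same condition can be checked against a Terraform plan before apply. The script below is an added example, not Checkov's own implementation of CKV_AWS_134: it walks the planned_values section of `terraform show -json` output and reports Redis clusters whose snapshot_retention_limit is unset or 0 (0 turns backups off). The sample plan and resource names are constructed, and the engine value is assumed to be known at plan time.

```python
import json
import sys

# Constructed sample shaped like the planned_values part of
# `terraform show -json <planfile>`; resource names are hypothetical.
T = "aws_elasticache_cluster"
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": f"{T}.no_backup", "type": T,
         "values": {"engine": "redis", "snapshot_retention_limit": 0}},
        {"address": f"{T}.unset", "type": T,
         "values": {"engine": "redis", "snapshot_retention_limit": None}},
        {"address": f"{T}.memcached", "type": T,
         "values": {"engine": "memcached"}},
    ],
    "child_modules": [{"resources": [
        {"address": f"module.cache.{T}.ok", "type": T,
         "values": {"engine": "redis", "snapshot_retention_limit": 5}},
    ]}],
}}}


def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def clusters_without_backup(plan):
    """Return addresses of Redis clusters whose retention limit is unset or 0."""
    root = plan.get("planned_values", {}).get("root_module", {})
    failing = []
    for res in iter_resources(root):
        if res.get("type") != T:
            continue
        values = res.get("values") or {}
        if values.get("engine") != "redis":
            continue  # this policy covers Redis clusters only
        if not values.get("snapshot_retention_limit"):  # None or 0
            failing.append(res["address"])
    return failing


if __name__ == "__main__":
    # Pass a plan JSON path as the first argument, or run on the sample.
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for address in clusters_without_backup(plan):
        print(f"FAIL {address}: automatic backup is off")
```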