ElastiCache Redis cache cluster has automated snapshot backups enabled with retention of at least 7 days
elasticache_redis_cluster_backup_enabled
Amazon ElastiCache Redis replication groups have automated snapshot backups enabled with a retention period of at least 7 days.
The evaluation focuses on whether backups are enabled and the configured retention meets the minimum threshold.
Risk
Absent or short-retained backups degrade availability and heighten data loss risk. Hardware failures, corruption, or accidental deletes may not be recoverable to needed points, undermining RPO/RTO, prolonging outages, and limiting forensics on cache data.
prowler aws --checks elasticache_redis_cluster_backup_enabled
Recommendation
Enable automated backups and set retention to meet RPO/RTO (typically 7 days).
- Define a consistent
snapshot window - Test restores regularly
- Protect backup storage with least privilege and immutability
- Monitor backup status for failures
- Apply defense in depth with replicas/Multi-AZ
Remediation
aws elasticache modify-replication-group --replication-group-id <REPLICATION_GROUP_ID> --snapshot-retention-limit 7 --apply-immediately
- In the AWS Console, open ElastiCache
- Go to Redis > Replication groups
- Select <example_resource_id> and click Modify
- Set Snapshot retention (days) to 7 or higher
- Check Apply immediately
- Click Modify to save
Source Code
Resource Type
Other