ElastiCache for Redis replication groups have Multi-AZ automatic failover enabled, distributing primary and replicas across distinct Availability Zones
Risk
Without Multi-AZ failover, a node or AZ outage can make Redis endpoints unreachable, reducing availability. Cold-cache rebuilds shift load to databases, risking saturation and cascading timeouts. Recent writes may be lost during failures, impacting integrity.
prowler aws --checks elasticache_redis_cluster_multi_az_enabled
Recommendation
Enable Multi-AZ with automatic failover (MultiAZ: enabled) on Redis replication groups and place replicas in separate AZs. Use clients that follow primary/reader endpoints, monitor replication lag, and regularly test failover. Pair with snapshots for recovery. Together these measures provide high availability and resilience.
Remediation
aws elasticache modify-replication-group --replication-group-id <example_resource_id> --multi-az-enabled --automatic-failover-enabled --apply-immediately
- In the AWS Console, go to ElastiCache > Redis
- Select the target replication group
- Click Modify
- Enable Multi-AZ (and Automatic failover if prompted)
- Check Apply immediately and click Modify
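To confirm the change took effect, the following added example (not part of Prowler or the original page) audits the JSON returned by `aws elasticache describe-replication-groups`. It goes beyond the MultiAZ flag and also checks that each shard has a replica and that its nodes span more than one Availability Zone; the sample response and group names are constructed.

```python
import json

# Constructed sample, shaped like `aws elasticache describe-replication-groups` output.
SAMPLE = json.loads("""
{"ReplicationGroups": [
  {"ReplicationGroupId": "sessions-prod", "MultiAZ": "enabled", "AutomaticFailover": "enabled",
   "NodeGroups": [{"NodeGroupId": "0001", "NodeGroupMembers": [
     {"CurrentRole": "primary", "PreferredAvailabilityZone": "us-east-1a"},
     {"CurrentRole": "replica", "PreferredAvailabilityZone": "us-east-1b"}]}]},
  {"ReplicationGroupId": "cache-legacy", "MultiAZ": "disabled", "AutomaticFailover": "disabled",
   "NodeGroups": [{"NodeGroupId": "0001", "NodeGroupMembers": [
     {"CurrentRole": "primary", "PreferredAvailabilityZone": "us-east-1a"}]}]},
  {"ReplicationGroupId": "catalog-cache", "MultiAZ": "enabled", "AutomaticFailover": "enabled",
   "NodeGroups": [{"NodeGroupId": "0001", "NodeGroupMembers": [
     {"CurrentRole": "primary", "PreferredAvailabilityZone": "us-east-1a"},
     {"CurrentRole": "replica", "PreferredAvailabilityZone": "us-east-1a"}]}]}
]}
""")


def audit_group(group):
    """Return the findings for one replication group; an empty list means pass."""
    findings = []
    if group.get("MultiAZ") != "enabled":
        findings.append("MultiAZ is not enabled")
    if group.get("AutomaticFailover") != "enabled":
        findings.append("AutomaticFailover is not enabled")
    for shard in group.get("NodeGroups", []):
        sid = shard.get("NodeGroupId", "?")
        members = shard.get("NodeGroupMembers", [])
        zones = {m.get("PreferredAvailabilityZone") for m in members} - {None}
        if len(members) < 2:
            findings.append(f"shard {sid}: no replica to fail over to")
        elif len(zones) == 1:
            # Flags can be enabled while every node still sits in the same AZ.
            findings.append(f"shard {sid}: all nodes in {zones.pop()}")
    return findings


def audit(response):
    """Map each replication group id to its list of findings."""
    return {g["ReplicationGroupId"]: audit_group(g)
            for g in response.get("ReplicationGroups", [])}


if __name__ == "__main__":
    for gid, findings in audit(SAMPLE).items():
        print(gid, "PASS" if not findings else "FAIL: " + "; ".join(findings))
```

To run it against a real account, replace `SAMPLE` with the parsed output of `aws elasticache describe-replication-groups --output json`.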
Resource Type
Other