
ElastiCache.7

ElastiCache clusters should not use the default subnet group

Severity: HIGH

Cloud Platforms: AWS

Resources: Elasticache

Related Standards: NIST.800-53.r5,

Automated

This control checks if ElastiCache clusters are configured with a custom subnet group. The control fails for an ElastiCache cluster if CacheSubnetGroupName has the value default. When launching an ElastiCache cluster, a default subnet group is created if one doesn't exist already. The default group uses subnets from the default Virtual Private Cloud (VPC). We recommend using custom subnet groups that are more restrictive of the subnets that the cluster resides in, and the networking that the cluster inherits from the subnets.
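The check described above can be reproduced over DescribeCacheClusters output. The following is an added example, not code from this page or from AWS. The cluster IDs and sample pages are constructed, and the UNKNOWN status for a cluster that reports no subnet group is an assumption of this example rather than documented control behaviour.

```python
"""Evaluate ElastiCache.7 over DescribeCacheClusters output (added example)."""

DEFAULT_GROUP = "default"  # value the control fails on, per the page

# Constructed sample shaped like boto3 describe_cache_clusters pages; IDs are made up.
SAMPLE_PAGES = [
    {"CacheClusters": [
        {"CacheClusterId": "sessions-001", "CacheSubnetGroupName": "default"},
        {"CacheClusterId": "orders-001", "CacheSubnetGroupName": "cache-private-a"},
    ]},
    {"CacheClusters": [
        {"CacheClusterId": "legacy-001"},  # no subnet group reported
    ]},
]


def evaluate(pages):
    """Return one finding per cluster across all response pages."""
    findings = []
    for page in pages:
        for cluster in page.get("CacheClusters", []):
            group = cluster.get("CacheSubnetGroupName")
            if group is None:
                # Assumption of this example: report separately instead of guessing.
                status = "UNKNOWN"
            elif group == DEFAULT_GROUP:
                status = "FAILED"
            else:
                status = "PASSED"
            findings.append({"cluster": cluster["CacheClusterId"],
                             "subnet_group": group, "status": status})
    return findings


def failed_clusters(pages):
    """Sorted IDs of clusters that sit in the default subnet group."""
    return sorted(f["cluster"] for f in evaluate(pages) if f["status"] == "FAILED")


def live_pages(region):
    """Yield real pages from the account; requires boto3 and AWS credentials."""
    import boto3  # imported lazily so the offline sample runs without it
    client = boto3.client("elasticache", region_name=region)
    yield from client.get_paginator("describe_cache_clusters").paginate()


if __name__ == "__main__":
    for f in evaluate(SAMPLE_PAGES):
        print(f"{f['status']:8} {f['cluster']} ({f['subnet_group']})")
```

To run it against an account, pass live_pages("<region>") to evaluate() in place of SAMPLE_PAGES.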
