Profile Applicability:

  • Level 1

Description:

Amazon ElastiCache is a fully managed in-memory data store and cache service, and Redis is one of the caching engines supported by ElastiCache. Redis provides high performance, scalability, and flexibility for caching. Automatic backups in ElastiCache Redis are essential to ensure that the data stored in the cache is protected and can be restored in case of failures, corruption, or other disasters. This SOP ensures that automatic backups are enabled for ElastiCache Redis cache clusters to facilitate disaster recovery and safeguard critical data.

Enabling automatic backups allows you to create daily backups of your Redis cache cluster and retain them for a specified period (up to 35 days). Backups can be used for data recovery in the event of failures or accidental data loss.

Rationale:

Enabling automatic backups in ElastiCache Redis clusters provides several benefits:

  • Disaster Recovery: Automatically backs up data, making it easier to recover in case of failures or corruption.

  • Data Integrity: Ensures data is preserved for later retrieval without requiring manual intervention.

  • Compliance: Supports the requirement for periodic backups as part of regulatory compliance frameworks such as SOC 2, PCI-DSS, and HIPAA.

  • Business Continuity: Helps businesses quickly recover from data loss, minimizing downtime and ensuring continuity.

Impact:

Pros:

  • Improved Data Protection: Backups ensure Redis data can be recovered in case of failures or corruption.

  • Business Continuity: Enables quick recovery of Redis data, minimizing downtime during outages.

  • Compliance: Meets backup retention requirements for compliance with various industry standards and regulations.

  • Automated Process: The backup process is automated, reducing the need for manual intervention and ensuring consistency.

Cons:

  • Cost: Storing backups for longer periods may incur additional storage costs.

  • Backup Overhead: The backup process may slightly impact performance during backup operations, although the effect is generally minimal.

  • Retention Management: Managing backup retention periods might require periodic reviews and adjustments based on business needs.

Default Value:

By default, automatic backups are disabled for ElastiCache Redis clusters. To enable automatic backups, you need to configure the cluster settings accordingly.

Pre-requisite:

  • AWS IAM Permissions:

    • elasticache:DescribeCacheClusters

    • elasticache:ModifyCacheCluster

    • elasticache:CreateBackup

  • AWS CLI installed and configured.

  • Basic understanding of ElastiCache Redis, backup configurations, and disaster recovery practices.

Remediation:

Test Plan:

Using AWS Console:

  1. Sign in to the AWS Management Console.

  2. Navigate to ElastiCache under Services.

  3. In the ElastiCache Dashboard, select Redis from the left panel and go to Clusters.

  4. For each Redis cache cluster, select the Cluster ID to review the configuration.

    • Under Backup settings, ensure that Automatic backups are enabled, and a backup retention period is specified (e.g., 7 days).

  5. Verify the automatic backup configuration and ensure it is set up for daily backups.

Using AWS CLI:

To describe the Redis cache clusters and check if automatic backups are enabled, run:

aws elasticache describe-cache-clusters --query 'CacheClusters[*].{CacheClusterId:CacheClusterId,AutoMinorVersionUpgrade:AutoMinorVersionUpgrade,SnapshotRetentionLimit:SnapshotRetentionLimit}'

The output lists the SnapshotRetentionLimit for each cluster; confirm that it is greater than 0 (indicating automatic backups are enabled). Example output:

[
  {
    "CacheClusterId": "my-redis-cluster",
    "AutoMinorVersionUpgrade": true,
    "SnapshotRetentionLimit": 7
  }
]

If the SnapshotRetentionLimit is 0, automatic backups are not enabled, and you need to update the cluster settings.
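The check above can be scripted across all clusters. The following is an added example, not part of the original SOP: it reads the CLI's text output and flags Redis clusters whose retention is 0, below a policy minimum, or above the 35-day maximum. The MIN_RETENTION_DAYS variable, the function names and the sample cluster names are assumptions made for illustration.

```bash
# Added example (not from the original SOP): flag Redis clusters whose
# SnapshotRetentionLimit shows automatic backups disabled or too short.
# Live input (tab-separated rows: id, engine, retention):
#   aws elasticache describe-cache-clusters --output text \
#     --query 'CacheClusters[*].[CacheClusterId,Engine,SnapshotRetentionLimit]'

MIN_RETENTION_DAYS="${MIN_RETENTION_DAYS:-7}"  # assumption: policy minimum (the SOP's example value)
MAX_RETENTION_DAYS=35                          # maximum retention stated in the SOP

# Reads rows on stdin and prints PASS/FAIL per Redis cluster.
# Exit status: 0 if every Redis cluster passes, 1 otherwise.
audit_backups() {
  awk -F '\t' -v min="$MIN_RETENTION_DAYS" -v max="$MAX_RETENTION_DAYS" '
    $2 != "redis" { next }    # other engines are out of scope for this check
    {
      if ($3 !~ /^[0-9]+$/)  { why = "retention not reported: " $3 }
      else if ($3 + 0 == 0)  { why = "automatic backups disabled" }
      else if ($3 + 0 < min) { why = "retention " $3 "d below minimum " min "d" }
      else if ($3 + 0 > max) { why = "retention " $3 "d above maximum " max "d" }
      else                   { why = "" }
      if (why != "") { printf "FAIL\t%s\t%s\n", $1, why; bad = 1 }
      else           { printf "PASS\t%s\tretention %sd\n", $1, $3 }
    }
    END { exit (bad ? 1 : 0) }
  '
}

# Constructed sample rows (hypothetical cluster names), standing in for CLI output.
sample_rows() {
  printf 'orders-cache\tredis\t7\n'
  printf 'session-cache\tredis\t0\n'
  printf 'analytics-cache\tredis\t3\n'
  printf 'legacy-mc\tmemcached\tNone\n'
}

# Demo run on the constructed rows; pipe the aws command above in place of sample_rows.
sample_rows | audit_backups || true
```

The non-zero exit status on any FAIL lets the function gate a scheduled compliance job.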

Implementation Steps:

Using AWS Console:

  1. Sign in to the AWS Management Console.

  2. Navigate to ElastiCache.

  3. In the ElastiCache Dashboard, select Redis and choose the cluster you want to modify.

  4. In the Cluster Settings section, locate Backup and enable Automatic Backups.

  5. Set the Backup Retention Period (the number of days to retain backups). The maximum is 35 days.

  6. Click Save to apply the changes and enable backups for the Redis cluster.

Using AWS CLI:

To enable automatic backups for an existing Redis cluster, set a retention period greater than 0 (7 days in this example):

aws elasticache modify-cache-cluster \
  --cache-cluster-id <cluster-id> \
  --snapshot-retention-limit 7 \
  --apply-immediately

To confirm that the backup settings were applied, run:

aws elasticache describe-cache-clusters --query 'CacheClusters[*].{CacheClusterId:CacheClusterId,SnapshotRetentionLimit:SnapshotRetentionLimit}'

Backout Plan:

If enabling automatic backups results in performance issues or excessive costs:

Identify the affected Redis cache cluster.

To disable automatic backups, run the following command:

aws elasticache modify-cache-cluster \
  --cache-cluster-id <cluster-id> \
  --snapshot-retention-limit 0 \
  --apply-immediately

Verify that the SnapshotRetentionLimit is set to 0, confirming that automatic backups have been disabled.

Note:

  • Backup Frequency: Automatic backups are taken daily, but the frequency and retention settings can be adjusted as needed for your environment.

  • Performance Impact: While the impact of enabling automatic backups is generally low, you should monitor Redis performance to ensure backups do not interfere with critical operations.

  • Cost Management: Regularly review the retention period for backups to manage storage costs effectively.

References:

CIS Controls Mapping:

| Version | Control ID | Control Description | IG1 | IG2 | IG3 |
|---|---|---|---|---|---|
| v8 | 3.4 | Encrypt Data on End-User Devices – Ensure data encryption during file system access. | | | |
| v8 | 6.7 | Implement Application Layer Filtering and Content Control – Ensure appropriate content filtering is applied to sensitive files. | | | |
| v8 | 6.8 | Define and Maintain Role-Based Access Control – Implement and manage role-based access for file systems. | | | |
| v8 | 14.6 | Protect Information Through Access Control Lists – Apply strict access control to file systems. | | | |