[aws-elasticache] no encryption for cluster

[ogger]

I would like to create an encrypted elasticache redis cluster with the following Options:

• encryption at rest
• encryption in transit
• redis auth

Use Case

We are using elasticache redis for caching data, an we would like to encrypt the cluster. Encryption is part of our security strategy and a must. With CDK this is not possible, the options are missing. I have checked with AWS console, it is possible, also with boto3 (https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/elasticache.html#ElastiCache.Client.create_cache_cluster).

Proposed Solution

• [ ] :wave: I may be able to implement this feature request
• [ ] :warning: This feature might incur a breaking change

---

This is a :rocket: Feature Request

[iliapolo]

Hi @ogger - Looking at the docs you sent, I don't see support for encryption. And indeed, it looks like the service API also doesn't have this option: https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_CreateCacheCluster.html.

However, encryption properties are available when creating a ReplicationGroup, which is a generalization of a single cluster, so would that work for you? Here are the docs for it:

CDK Docs: https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-elasticache.CfnReplicationGroup.html

[github-actions[bot]]

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

[vekariyabhargav]

Any update on this?

[irby]

I'm surprised no encryption at rest option is available from the APIs. Seems to be like a big miss.