Question 1

Is at_rest_encryption_enabled enforced for PCI DSS v4.0?

Accepted Answer

Yes, This control checks if ElastiCache for Redis replication groups are encrypted at rest. This control fails if an ElastiCache for Redis replication group isn't encrypted at rest.

Question 2

Is snapshot_retention_limit enforced for PCI DSS v4.0?

Accepted Answer

Yes, When automatic backups are enabled, AWS ElastiCache creates a backup of the cluster on a daily basis. The backup can be retained for a number of days as specified by your organization. Automatic backups can help guard against data loss.

Question 3

Is subnet_group_name enforced for PCI DSS v4.0?

Accepted Answer

Yes, This control checks if ElastiCache clusters are configured with a custom subnet group. The control fails for an ElastiCache cluster if CacheSubnetGroupName has the value default.

Question 4

Is transit_encryption_enabled enforced for PCI DSS v4.0?

Accepted Answer

Yes, This control checks if ElastiCache for Redis replication groups are encrypted in transit. This control fails if an ElastiCache for Redis replication group isn't encrypted in transit.

AWS ElastiCache Terraform module

Terraform Module Source