Ensure that the number of ElastiCache cluster cache nodes provisioned in your AWS account has not reached the quota established by your organization for the ElastiCache workload deployed. By default, Cloud Conformity sets a threshold value of 5 for the maximum number of provisioned cluster nodes, but you can adjust this threshold based on your requirements. Once you define your own threshold for the maximum number of ElastiCache cluster nodes that you need to run across all AWS regions, the Cloud Conformity engine continuously scans your account for ElastiCache nodes, and when the number of cluster nodes reaches the specified count (threshold) you are notified via the communication channels configured within your Cloud Conformity account. If the ElastiCache quota defined for your AWS account is reached, you can raise an AWS support case to request limiting the number of provisioned ElastiCache nodes.
This rule can help you with the following compliance standards:
- APRA
- MAS
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Monitoring and setting limits for the maximum number of ElastiCache cluster nodes provisioned within your AWS account helps you manage your ElastiCache compute resources and prevent unexpected charges on your AWS bill. For example, users within your organization can create more AWS ElastiCache clusters than the number established in the company policy, exceeding the monthly budget allocated for cloud computing resources. Also, if your AWS account is compromised and the attacker is able to create large ElastiCache clusters for malicious purposes, these can quickly drive up your AWS ElastiCache costs.
Note: The threshold for the maximum number of ElastiCache nodes per AWS account set for this conformity rule is 5 (default value).
Audit
To determine the number of ElastiCache cluster nodes provisioned within your AWS account, perform the following:
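One way to carry out this count, as an added example that is not part of the original Conformity page: the script sums `NumCacheNodes` from `describe-cache-clusters` output for each region and compares the total with the threshold of 5. The function names and the sample responses are assumptions constructed for illustration.

```python
import json
import subprocess

THRESHOLD = 5  # default Conformity threshold quoted on this page


def nodes_per_region(responses):
    """Map region -> provisioned node count from describe-cache-clusters output."""
    return {
        region: sum(c.get("NumCacheNodes", 0) for c in resp.get("CacheClusters", []))
        for region, resp in responses.items()
    }


def evaluate(responses, threshold=THRESHOLD):
    """Return (total, per_region, reached); reached once total >= threshold."""
    per_region = nodes_per_region(responses)
    total = sum(per_region.values())
    return total, per_region, total >= threshold


def collect_live():
    """Query every enabled region with the AWS CLI (needs credentials and network)."""
    def aws(*args):
        out = subprocess.run(["aws", *args, "--output", "json"],
                             check=True, capture_output=True, text=True).stdout
        return json.loads(out)
    regions = aws("ec2", "describe-regions", "--query", "Regions[].RegionName")
    return {r: aws("elasticache", "describe-cache-clusters", "--region", r)
            for r in regions}


# Constructed sample responses (not real account data), trimmed to the fields used.
SAMPLE = {
    "us-east-1": {"CacheClusters": [
        {"CacheClusterId": "sessions-memcached", "NumCacheNodes": 3},
        {"CacheClusterId": "queue-redis-001", "NumCacheNodes": 1},
    ]},
    "eu-west-1": {"CacheClusters": [
        {"CacheClusterId": "catalog-memcached", "NumCacheNodes": 2},
    ]},
    "ap-southeast-2": {"CacheClusters": []},
}

if __name__ == "__main__":
    # Swap SAMPLE for collect_live() to audit a real account.
    total, per_region, reached = evaluate(SAMPLE)
    for region, count in sorted(per_region.items()):
        print(f"{region}: {count} node(s)")
    print(f"total={total} threshold={THRESHOLD} reached={reached}")
```

A region that reports nodes where none are expected is worth reviewing on its own, even when the account-wide total is below the threshold.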
Remediation / Resolution
To create an AWS support case in order to request limiting the number of provisioned ElastiCache cluster nodes in your AWS account based on your requirements, perform the following actions:
Note: Requesting a limit for the number of cache nodes per region using the AWS API via Command Line Interface (CLI) is not currently supported.
References
- AWS Documentation
- Amazon ElastiCache FAQs
- Managing ElastiCache
- ElastiCache Clusters
- ElastiCache Nodes
- AWS Command Line Interface (CLI) Documentation
- elasticache
- describe-cache-clusters
You are auditing:
ElastiCache Nodes Counts
Risk Level: Medium