ElastiCache Engine Version
Cloud Conformity allows you to automate the auditing process of this resolution page. Register for a 14 day evaluation and check your compliance level for free!
Start a Free Trial Product features
Cloud Conformity allows you to automate the auditing process of this resolution page. Register for a 14 day evaluation and check your compliance level for free!
Start a Free Trial Product featuresEnsure that your Amazon ElastiCache clusters are using the stable latest version of Redis/Memcached cache engine in order to adhere to AWS best practices, benefit from better security by having the most recent vulnerability patches, receive the latest Redis and Memcached software features and get the latest performance optimizations.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
When running your ElastiCache clusters with the latest version of Redis/Memcached cache engine you will benefit from new features and enhancements, better performance, better memory management, bug fixes and security patches. For example, upgrading your ElastiCache Redis clusters version to 3.2.6 will get you all the improvements that come with Redis engine version 3 (data partitioning, geospatial indexing, online cluster resizing, replica scaling, etc) plus the ones added by AWS such as support for newer cache node types, in-transit and at-rest encryption, and support for HIPAA compliance. For ElastiCache Memcached clusters, upgrading the engine version to 1.4.34 will add several bug fixes, systemd service hardening, improved support for large items over 1MB and the ability to dynamically increase the amount of memory available to the engine without having to restart the cache cluster.
To determine if your AWS ElastiCache clusters are using the latest version of Redis/Memcached cache engine, perform the following:
01 Sign in to the AWS Management Console.
02 Navigate to ElastiCache dashboard at https://console.aws.amazon.com/elasticache/.
03 In the left navigation panel, under ElastiCache Dashboard, click Memcached to access the cache clusters created with the Memcached in-memory cache engine or Redis to access the clusters created with the Redis engine.
04 Choose the ElastiCache Memcached/Redis cache cluster that you want to examine and click on the Show/Hide Item Details button to expand the panel with the AWS resource configuration details.
05 On the cache cluster details panel, check Engine Version Compatibility attribute value to determine the Memcached/Redis engine version.
06 Use this URL to check the latest stable version of the Memcached engine supported by AWS and this URL to check the latest version of the Redis cache engine supported.
07 Compare the latest Memcached/Redis engine version supported by AWS with the version used by your existing cache clusters, listed as value for the Engine Version Compatibility attribute. If there is a newer Memcached/Redis engine version released and supported by AWS ElastiCache service, the cache engine version for the selected ElastiCache clusters should be upgraded to benefit from all the security and performance improvements that come with the latest version of the software.
08 Repeat steps no. 4 - 7 to verify the cache engine version for other AWS ElastiCache clusters available within the current region.
09 Change the AWS region from the navigation bar and repeat the audit process for the other regions.
01 Run describe-cache-clusters command (OSX/Linux/UNIX) using custom query filters to list the cache engine version utilized for each ElastiCache cluster provisioned in the selected AWS region:
aws elasticache describe-cache-clusters --region us-east-1 --output table --query 'CacheClusters[*].[CacheClusterId, Engine, EngineVersion]'
02 The command output should return a table that contains sets of metadata representing the cluster identifier (first column), the cache engine type – Memcached or Redis (second column) and the cache engine version in use (third column):
----------------------------------------------------- | DescribeCacheClusters | +--------------------------+-------------+----------+ | cc-memcached-cache | memcached | 1.4.14 | | cc-redis-web-cache-001 | redis | 3.2.4 | | cc-redis-web-cache-002 | redis | 3.2.4 | +--------------------------+-------------+----------+
03 Now open this URL to check the latest stable version of the Memcached engine supported by AWS and this URL to check the latest version of the Redis cache engine supported.
04 Compare the latest Memcached/Redis engine version supported by AWS with the version used by your existing cache clusters, listed at the previous step in the third column. If there is a newer Memcached/Redis engine version released and supported by AWS ElastiCache service, the cache engine version for your existing ElastiCache clusters should be upgraded to benefit from all the security and performance improvements that come with the latest version of the software.
05 Change the AWS region by updating the --region command parameter value and repeat steps no. 1 - 4 to perform the audit process for other regions.
To upgrade the Memcached/Redis cache engine version for your existing Amazon ElastiCache clusters, perform the following:
Note 1: ElastiCache Redis cache clusters with cluster mode enabled does not support changing engine version.01 Sign in to the AWS Management Console.
02 Navigate to ElastiCache dashboard at https://console.aws.amazon.com/elasticache/.
03 In the left navigation panel, under ElastiCache Dashboard, click Memcached to access the cache clusters created with the Memcached in-memory cache engine or Redis to access the clusters created with the Redis engine.
04 Select the ElastiCache Memcached/Redis cache cluster that you want to reconfigure and click on the Modify button from the dashboard top menu to start the engine version upgrade process.
05 Inside Modify Cluster dialog box, select the latest stable version available from the Engine Version Compatibility dropdown list for the selected Memcached/Redis cache cluster. Select Apply Immediately checkbox if you want to apply the engine version change immediately. If Apply Immediately is not selected, the change will be processed during the next maintenance window. For Memcached clusters, changing the engine version clears all the existing cache data. For Redis clusters, the primary nodes become unavailable to the service requests during the upgrade process.
06 Click Modify to start the engine version upgrade process. The cluster status should change to modifying, then back to available once the process is complete.
07 Repeat steps no. 4 - 6 to upgrade the Memcached/Redis cache engine version for other AWS ElastiCache clusters available in the current region.
08 Change the AWS region from the navigation bar and repeat the entire process for other regions.
01 Based on the cache engine type used by your ElastiCache cluster, perform the following commands:
aws elasticache modify-cache-cluster --region us-east-1 --cache-cluster-id cc-memcached-cache --engine-version 1.4.34 --apply-immediately
{
"CacheCluster": {
"Engine": "memcached",
"CacheParameterGroup": {
"CacheParameterGroupName": "default.memcached1.4",
"ParameterApplyStatus": "in-sync"
},
"CacheClusterId": "cc-memcached-cache",
"PreferredAvailabilityZone": "us-east-1a",
"ConfigurationEndpoint": {
"Port": 11211,
"Address": "cc-memcached-cache.abc.cache.amazonaws.com"
},
"AtRestEncryptionEnabled": false,
...
"CacheClusterCreateTime": "2016-11-20T10:56:56.932Z",
"AutoMinorVersionUpgrade": true,
"CacheClusterStatus": "modifying",
"NumCacheNodes": 2,
"TransitEncryptionEnabled": false,
"CacheSubnetGroupName": "default",
"EngineVersion": "1.4.24",
"PendingModifiedValues": {
"EngineVersion": "1.4.34"
},
"PreferredMaintenanceWindow": "sun:07:00-sun:08:00",
"CacheNodeType": "cache.r4.large"
}
}
aws elasticache modify-replication-group --region us-east-1 --replication-group-id cc-redis-web-cache --engine-version 3.2.6 --apply-immediately
{
"ReplicationGroup": {
"Status": "modifying",
"Description": "Redis Production Web Cache",
"AtRestEncryptionEnabled": false,
"ClusterEnabled": false,
"ReplicationGroupId": "cc-redis-web-cache",
...
"AutomaticFailover": "disabled",
"TransitEncryptionEnabled": false,
"MemberClusters": [
"cc-redis-web-cache-001",
"cc-redis-web-cache-002"
],
"CacheNodeType": "cache.r4.xlarge",
"PendingModifiedValues": {}
}
}
02 Repeat step no. 1 to upgrade the Memcached/Redis cache engine version for other AWS ElastiCache clusters available in the current region.
03 Change the AWS region by updating the --region command parameter value and repeat step no. 1 and 2 to perform the process for other regions.
Whether your AWS exploration is just starting to take shape, you’re mid-way through a migration or you’re already running complex workloads in the cloud, Cloud Conformity offers full visibility of your infrastructure and provides continuous assurance it’s secure, optimized and compliant.
Chat with us to set up your onboarding session and start a free trial.
Let’s Chat