Checks if Amazon ElastiCache replication groups have encryption-at-rest enabled. The rule is NON_COMPLIANT for an ElastiCache replication group if 'AtRestEncryptionEnabled' is disabled or if the KMS key ARN does not match the approvedKMSKeyArns parameter.

This config rule supports the following parameters:

  • approvedKMSKeyIds
    • Required: No
    • Type: CSV
    • Description:Comma-separated list of KMS Key IDs that are approved for ElastiCache usage.

CloudFormation Template