8

We would like to use AWS ElastiCache for our application, and we have a strict requirement that all data should be encrypted in transit.

I was trying to find out whether ElastiCache access is done using SSL but cannot get a definitive answer from Amazon documentation. It is possible to set a policy option aws:SecureTransport to True when setting security for ElasticCache cluster, but I am not sure if it is supported for ElastiCache. AWS documentation says that this option is ignored e.g. for S3 as S3 always uses SSL.

Daniel
  • 186
  • 1
  • 7
  • 1
    AFAIK this isn't supported (yet?) by AWS, but I could be wrong. What I do know is that the company that I work at - Redis Labs - does provide SSL encryption for our services. If you are interested, send an email to our support@redislabs.com. – Itamar Haber Jun 19 '14 at 22:32
  • Yeah there is still no support for SSL. Alternatively you could spin up your own EC2 instances to run redis. Ultimately, ElastiCache just spins up EC2 instances with redis pre-configured. – Hengjie Oct 19 '14 at 22:06

3 Answers3

7

ElastiCache now supports TLS encryption in transit.

https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/in-transit-encryption.html

jonny
  • 4,264
  • 4
  • 22
  • 29
Z Boschert
  • 88
  • 1
  • 1
4

This is better suited as a comment, but I don't have enough points.

My company spoke with AWS customer service, and they confirmed it isn't supported for ElastiCache; the sslEnabled option you're referring to is indeed ignored. It's only in there because it's inherited.

Peter Long Nguyen
  • 71
  • 1
  • 3
0

We enabled in-transit and at-rest encryption for ElastiCache Redis cluster. And used lettuce client for connection.

https://github.com/lettuce-io/lettuce-core/wiki/SSL-Connections

user3082578
  • 1
  • 1