ElastiCache Replication Group Publicly Available for Any Source

Tenacity Id

Risk Level




Last Updated:

April 21, 2022

An AWS ElastiCache replication group is deployed in a public subnet with a security group that allows inbound traffic from any source address (0.0.0.0/0 or ::/0). Unrestricted inbound access is inherently insecure: it exposes the cache endpoint to every host on the internet and creates a broad attack surface, and ElastiCache engines were not designed to face untrusted networks. ElastiCache traffic should remain internal to the VPC. Remove the inbound rule that allows any source address (0.0.0.0/0 or ::/0) from this security group, and add inbound rules that permit only the application tier (by referencing its security group, or by internal VPC CIDR ranges) to reach the cluster on its engine port (6379 for Redis and 11211 for Memcached by default).
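The following script is an added worked example and is not part of the original rule text or any vendor tooling. It shows the check this finding performs and the remediation it asks for: it scans a security group's ingress rules (in the `IpPermissions` shape returned by `aws ec2 describe-security-groups`) for entries that reach the cache port from 0.0.0.0/0 or ::/0, builds a revoke payload that removes only the offending source ranges, and emits the `aws ec2 revoke-security-group-ingress` / `authorize-security-group-ingress` commands that replace them with a rule scoped to the application tier's security group. The permission list and the `sg-…` identifiers are constructed placeholders; the engine and port are assumed to be Redis on 6379.

```python
"""Audit and remediate "any source" ingress on an ElastiCache security group.

Illustration code, not from the rule page. SAMPLE_IP_PERMISSIONS is a
constructed sample in the shape of `aws ec2 describe-security-groups`
output; the group ids below are assumed placeholders.
"""
import json
from ipaddress import ip_network

ELASTICACHE_PORTS = {"redis": 6379, "memcached": 11211}  # engine defaults

# Constructed sample: one rule open to the world on 6379 (v4 and v6),
# one internal-only rule, and one "all traffic" rule open to the world.
SAMPLE_IP_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 6379, "ToPort": 6379,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 6379, "ToPort": 6379,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
]
CACHE_SG_ID = "sg-0cacheexample00"  # assumed: SG attached to the replication group
APP_SG_ID = "sg-0appexample0000"    # assumed: SG of the clients allowed to connect


def is_any_source(cidr):
    """A /0 prefix (0.0.0.0/0 or ::/0) matches every address in its family."""
    try:
        return ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False


def rule_covers_port(rule, port):
    """Does an IpPermissions entry admit TCP traffic to `port`? "-1" means all traffic."""
    proto = rule.get("IpProtocol")
    if proto == "-1":
        return True
    if proto not in ("tcp", "6"):  # both ElastiCache engines are TCP-only
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def open_source_ranges(rule):
    """Split out just the IPv4/IPv6 ranges of a rule that are open to any source."""
    v4 = [r for r in rule.get("IpRanges", []) if is_any_source(r.get("CidrIp", ""))]
    v6 = [r for r in rule.get("Ipv6Ranges", []) if is_any_source(r.get("CidrIpv6", ""))]
    return v4, v6


def find_open_ingress(ip_permissions, port):
    """Return one revoke-ready IpPermissions entry per offending rule.

    Only the any-source ranges are included, so revoking the entry leaves any
    internal ranges that share the same rule untouched.
    """
    findings = []
    for rule in ip_permissions:
        if not rule_covers_port(rule, port):
            continue
        v4, v6 = open_source_ranges(rule)
        if not (v4 or v6):
            continue
        revoke = {"IpProtocol": rule["IpProtocol"]}
        if rule["IpProtocol"] != "-1":  # "all traffic" rules carry no port range
            revoke["FromPort"] = rule["FromPort"]
            revoke["ToPort"] = rule["ToPort"]
        if v4:
            revoke["IpRanges"] = v4
        if v6:
            revoke["Ipv6Ranges"] = v6
        findings.append(revoke)
    return findings


def internal_ingress_rule(port, source_sg_id):
    """Replacement rule: only members of the application tier's SG may reach the port."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "UserIdGroupPairs": [{"GroupId": source_sg_id}]}


def remediation_commands(sg_id, open_rules, port, app_sg_id):
    """AWS CLI commands: one revoke per offending rule, then one scoped authorize."""
    cmds = [
        f"aws ec2 revoke-security-group-ingress --group-id {sg_id} "
        f"--ip-permissions '{json.dumps([rule])}'"
        for rule in open_rules
    ]
    cmds.append(
        f"aws ec2 authorize-security-group-ingress --group-id {sg_id} "
        f"--ip-permissions '{json.dumps([internal_ingress_rule(port, app_sg_id)])}'"
    )
    return cmds


if __name__ == "__main__":
    port = ELASTICACHE_PORTS["redis"]
    open_rules = find_open_ingress(SAMPLE_IP_PERMISSIONS, port)
    for rule in open_rules:
        print("OPEN TO ANY SOURCE:", json.dumps(rule))
    for cmd in remediation_commands(CACHE_SG_ID, open_rules, port, APP_SG_ID):
        print(cmd)
```

Run it as-is to see the two offending rules from the sample and the three CLI commands that fix them; in practice, feed `find_open_ingress` the `IpPermissions` list of each security group attached to the replication group and review the printed commands before executing them. The check deliberately treats an `IpProtocol` of `-1` as covering the cache port, since "all traffic" rules are the most common way an any-source entry slips in.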