ElastiCache Replication Group Publicly Available for Any Source

Tenacity Id: security-group-037

Risk Level: 2

Categories:

Last Updated: April 21, 2022

An AWS ElastiCache cluster is deployed in a public subnet with a security group that allows inbound traffic from the source address 0.0.0.0/0 or ::/0. Unrestricted inbound access is inherently insecure and creates a broad attack surface, since potentially any device on the internet can reach the cluster. ElastiCache cluster traffic should remain internal. Remove the inbound rule that allows any source address and port (0.0.0.0/0 or ::/0) from this security group, and add inbound rules that allow only the internal resources (for example, the application tier's security group) that need to communicate with the ElastiCache cluster.
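The security-group side of this check expressed as code, as an added example that is not the Tenacity rule's own implementation: it inspects a DescribeSecurityGroups-style IpPermissions structure for any-source ingress and builds the internal-only replacement rule. The group IDs, the sample rules and the Redis port 6379 are constructed assumptions for the example.

```python
# Added example (not part of the Tenacity rule page): flag security groups that
# admit ingress from any source and show the rule that should replace them.
# The input mimics the IpPermissions structure returned by EC2
# DescribeSecurityGroups; all values below are constructed for this example.

ANY_SOURCE = {"0.0.0.0/0", "::/0"}
REDIS_PORT = 6379  # default ElastiCache for Redis port (assumption; Memcached uses 11211)


def open_to_world(security_group):
    """Return (protocol, from_port, to_port, cidr) tuples that admit any source."""
    findings = []
    for perm in security_group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")            # "-1" means all protocols/ports
        from_port, to_port = perm.get("FromPort"), perm.get("ToPort")
        cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
        cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if cidr in ANY_SOURCE:
                findings.append((proto, from_port, to_port, cidr))
    return findings


def internal_only_rule(app_security_group_id, port=REDIS_PORT):
    """Replacement rule: allow the cache port only from the application tier's SG."""
    return {
        "IpProtocol": "tcp",
        "FromPort": port,
        "ToPort": port,
        "UserIdGroupPairs": [{"GroupId": app_security_group_id}],
    }


# Constructed samples: one SG open to the world (IPv4 on 6379, IPv6 on everything),
# one SG already scoped to an application security group.
OPEN_SG = {
    "GroupId": "sg-0000example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 6379, "ToPort": 6379,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
}
SCOPED_SG = {
    "GroupId": "sg-1111example",
    "IpPermissions": [internal_only_rule("sg-2222appexample")],
}

if __name__ == "__main__":
    for sg in (OPEN_SG, SCOPED_SG):
        print(sg["GroupId"], open_to_world(sg) or "OK: no any-source ingress")
```

Note that the rule also requires the cluster to sit in a public subnet; this snippet covers only the security-group condition.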