Amazon ElastiCache for Redis | Encryption Flashcards
How much does it cost to use the enhanced Redis engine?
Encryption
Amazon ElastiCache for Redis | Database
There is no additional charge for using the enhanced Redis engine. As always, you will only be charged for the nodes you use.
What does encryption in-transit for ElastiCache for Redis provide?
Encryption
Amazon ElastiCache for Redis | Database
The encryption in-transit feature enables you to encrypt all communications between clients and Redis server as well as between the Redis servers (primary and read replica nodes).
What does encryption at-rest for ElastiCache for Redis provide?
Encryption
Amazon ElastiCache for Redis | Database
Encryption at-rest allows for encryption of data during backups and restore - data backed up and restored on disk and via Amazon S3 is encrypted.
How can I use encryption in-transit, at-rest, and Redis AUTH?
Encryption
Amazon ElastiCache for Redis | Database
Encryption in-transit, encryption at-rest, and Redis AUTH are all opt-in features. At the time of Redis cluster creation via the console or command line interface, you can specify if you want to enable encryption and Redis AUTH and can proceed to provide an authentication token for communication with the Redis cluster. Once the cluster is setup with encryption enabled, ElastiCache seamlessly manages certificate expiration and renewal without requiring any additional action from the application. Additionally, the Redis clients need to support TLS to avail of the encrypted in-transit traffic.
Is there an Amazon ElastiCache for Redis client that I need to use when using encryption in-transit, or at-rest?
Encryption
Amazon ElastiCache for Redis | Database
No. Encryption in-transit requires clients to support TLS. Most of the popular Redis clients (such as Lettuce, Predis, go-Redis) provide support for TLS with some configuration settings. You have to make sure that your Redis client of choice is configured to support TLS and continue to use ElastiCache for Redis as before.
Can I enable encryption in-transit and encryption at-rest on my existing ElastiCache for Redis clusters?
Encryption
Amazon ElastiCache for Redis | Database
No. Encryption in-transit and encryption at-rest support is only available for new clusters and is not supported on existing ElastiCache for Redis clusters. ElastiCache for Redis version 3.2.6 is the initial version that supports these features.
Is there any action needed to renew certificates?
Encryption
Amazon ElastiCache for Redis | Database
No. ElastiCache manages certification expiration and renewal behind the scene. No user action is necessary for ongoing certificate maintenance.
Can I use my certificates for encryption?
Encryption
Amazon ElastiCache for Redis | Database
No. Currently, ElastiCache does not provide the ability for you to use your certificates. ElastiCache manages certificates transparently for you.
Which instance types are supported for encryption in transit and encryption at rest?
Encryption
Amazon ElastiCache for Redis | Database
All current generation instances are supported for encryption in transit and encryption at rest.
