turbot/steampipe-mod-aws-compliance

Control: 1 ElastiCache for Redis clusters should have automatic backups scheduled

Description

This control evaluates whether Amazon ElastiCache for Redis clusters have automatic backups scheduled. The control fails if the SnapshotRetentionLimit for the Redis cluster is less than 1.

Amazon ElastiCache for Redis clusters can back up their data. You can use the backup to restore a cluster or seed a new cluster. The backup consists of the cluster's metadata, along with all of the data in the cluster. All backups are written to Amazon Simple Storage Service (Amazon S3), which provides durable storage. You can restore your data by creating a new Redis cluster and populating it with data from a backup. You can manage backups using the AWS Management Console, the AWS Command Line Interface (AWS CLI), and the ElastiCache API.

Remediation

For information about scheduling automatic backups, see Scheduling Automatic Backups in the Amazon ElastiCache User Guide.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.foundational_security_elasticache_1

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.foundational_security_elasticache_1 --share

SQL

This control uses a named query:

select
  arn as resource,
  case
    when snapshot_retention_limit < 15 then 'alarm'
    else 'ok'
  end as status,
  case
    when snapshot_retention_limit = 0 then title || ' automatic backups not enabled.'
    when snapshot_retention_limit < 15 then title || ' automatic backup retention period is less than 15 days.'
    else title || ' automatic backup retention period is more than 15 days.'
  end as reason,
  region,
  account_id
from
  aws_elasticache_replication_group;
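The description above fails a cluster when SnapshotRetentionLimit is less than 1, while the named query alarms below 15 days. The following added example (not part of the mod's own code) evaluates records against both thresholds and lists the groups that fall in between. It assumes records shaped like the ReplicationGroups entries of a DescribeReplicationGroups response; the sample records are constructed, and treating a missing limit as 0 is a choice made for this example.

```python
# Added example: classify ElastiCache replication groups by backup retention.
# Input mirrors the "ReplicationGroups" list of a DescribeReplicationGroups
# response; the sample records below are constructed, not real resources.

DESCRIBED_MINIMUM = 1   # the description: fail when SnapshotRetentionLimit < 1
QUERY_MINIMUM = 15      # the named query: alarm when snapshot_retention_limit < 15


def evaluate(group, minimum):
    """Return (status, reason) for one replication group record."""
    name = group.get("ReplicationGroupId", "<unknown>")
    # A missing or null limit is treated as 0 (no automatic backups) so that
    # it cannot silently pass; this is a choice made for this example.
    limit = group.get("SnapshotRetentionLimit") or 0
    if limit == 0:
        return "alarm", f"{name} automatic backups not enabled."
    if limit < minimum:
        return "alarm", f"{name} automatic backup retention period is {limit} days, less than {minimum}."
    return "ok", f"{name} automatic backup retention period is {limit} days."


def threshold_gap(groups):
    """IDs that pass the described check (>= 1) but alarm in the query (< 15)."""
    return [
        g["ReplicationGroupId"]
        for g in groups
        if evaluate(g, DESCRIBED_MINIMUM)[0] == "ok"
        and evaluate(g, QUERY_MINIMUM)[0] == "alarm"
    ]


# Constructed sample data (placeholder names).
SAMPLE_GROUPS = [
    {"ReplicationGroupId": "sessions", "SnapshotRetentionLimit": 0},
    {"ReplicationGroupId": "cart", "SnapshotRetentionLimit": 7},
    {"ReplicationGroupId": "catalog", "SnapshotRetentionLimit": 15},
    {"ReplicationGroupId": "legacy"},  # field absent
]

if __name__ == "__main__":
    for g in SAMPLE_GROUPS:
        status, reason = evaluate(g, QUERY_MINIMUM)
        print(f"{status:5} {reason}")
    print("pass at 1 day, alarm at 15 days:", threshold_gap(SAMPLE_GROUPS))
```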
