I have been reading up on Redis with AWS Elasticache and am a little confused on security. So far, it seems the only security is to create a Redis Security Group that only allows access from either a specific security group or IP address.
Is there any additional security I can/should add?
Is there any way to attatch Redis access security to IAM Roles?
Best Answer
Currently, Elasticache does not provide authentication mechanisms like, for example, RDS does. The only security available is SecurityGroups, limiting network traffic from specific sources.
Should you require Redis authentication, you will have to deploy Redis on top of EC2 instances and manage it by yourself.