amazon-web-servicesamazon-elasticache
How to enable Encryption in transit for an existing ElastiCache Global Datastore
I have an existing ElastiCache Global Data Store (Redis). I need to enable Encryption in transit . I referred to AWS Documentation , it talks about how to enable for a redis cluster but unable to do the same for my Global Data Store, though i expect the steps to same.
Refer Screenshot below. There is no option to modify or change the encryption details.
Solution
I was able to do so by disassociating my cache clusters from the global datastore and then recreate the global datastore.
Note that following these steps pose an availability risk. You are losing your cross-region availability for the time it takes you to follow this procedure.
These are the steps I followed:
- Remove the secondary regional cluster from your global datastore. This does not delete the cache cluster in the secondary region. So make sure to clean up that cache cluster now or later.
- Delete the global datastore. This doesn't delete your primary cache cluster.
- Go to the cache cluster on the primary region and modify it. You should be able to enable encryption in-transit now. Note that enabling encryption in-transit is done in two steps. First you need to step encryption in-transit to preferred. Once all of your clients have migrated to use TLS, you can set your encryption in-transit to required.
- Recreate the global datastore from an existing cluster. Choose the primary cluster and create a new secondary cluster. The new secondary cluster will be created with encryption in-transit, enabled by default.
- How to recreate EC2 instances of an autoscaling group with terraform?
- AWS Cloudwatch Alarm Issue
- AWS EC2 | using Rusoto SDK: Couldn't find AWS credentials
- How to enable "Use for Hive table metadata" in "AWS Glue Data Catalog settings" using Terraform?
- Determine if instance is a part of some AutoScaling Group in AWS
- Difference bw "start_of_file" and "end_of_file" in AWS cloud agent configuration
- not authorized to perform: ec2:DescribeInstances because no identity-based policy allows the ec2:DescribeInstances action
- Environment specific ebextensions Beanstalk commands
- MySQL/Amazon RDS error: "you do not have SUPER privileges..."
- Is EC2 t3.micro created by ECS cluster eligible for free tier?
- Amazon Neptune OpenCypher - What is the cause for "Operation terminated (internal error)" when using SET after MERGE?
- AWS SAM CLI cannot access Dynamo DB when function is invoked locally
- EC2 instance connect : There was a problem setting up the instance connection
- Wildcard filter in aws-nuke
- Add advanced validation for AWS::Serverless::Api GET query params
- Organizing AWS IAM permissions: limit of 10 policies?
- AWS: S3 Bucket AWS You can't grant public access because Block public access settings are turned on for this account
- failed calling webhook "vingress.elbv2.k8s.aws"
- terraform tags for list variable not working
- Amazon SES successfully forwarded emails but respond with 451 4.3.0 This message could not be delivered
- Why should I use Amazon Kinesis and not SNS-SQS?
- AWS Elastic Load Balancing: Seeing extremely long initial connection time
- AWS: None of the Instances are sending data
- How to assign a role to an iam user?
- Can't connect to ECS service through ALB
- How do I reference a resource created from different module in my current module?
- Aws Workspace Client cannot be opened in Ubuntu - 20.04.6 LTS
- How can I host a React app on AWS with a Python backend?
- AWS Lambda - How to stop retries when there is a failure
- How Do I get Object URL for Amazon S3 object