ElastiCache clusters should have automatic minor version upgrades enabled
Identifier
elasticache-enable-auto-minor-version-upgrade
Category
Identify > Vulnerability, patch, and version management
Description
This control checks whether Amazon ElastiCache replication groups have automatic minor version upgrades enabled. Enabling this setting ensures that ElastiCache nodes automatically receive minor engine version updates that contain important security patches, performance improvements, and bug fixes. Regular patching minimizes exposure to known vulnerabilities and reduces operational maintenance.
This setting is controlled using auto_minor_version_upgrade = true in the aws_elasticache_replication_group or aws_elasticache_cluster Terraform resource.
Non-Compliant Example
Remediation
To fix this violation, enable automatic minor version upgrades by setting auto_minor_version_upgrade = true:
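The weak setting beside the corrected one, as an added example that is not taken from the original page or from the policy's own test fixtures. Resource names, IDs, node types, engine versions and the maintenance window are constructed placeholders.

```hcl
# Non-compliant: minor engine upgrades are explicitly disabled, so nodes
# stay on the deployed minor version until someone upgrades them by hand.
resource "aws_elasticache_replication_group" "noncompliant" {
  replication_group_id       = "example-noncompliant" # constructed value
  description                = "Constructed example: auto upgrades off"
  engine                     = "redis"
  engine_version             = "7.0"
  node_type                  = "cache.t3.micro"
  num_cache_clusters         = 2
  auto_minor_version_upgrade = false
}

# Compliant: minor engine upgrades are enabled and applied during the
# maintenance window, so the window is pinned to a low-traffic period.
resource "aws_elasticache_replication_group" "compliant" {
  replication_group_id       = "example-compliant" # constructed value
  description                = "Constructed example: auto upgrades on"
  engine                     = "redis"
  engine_version             = "7.0"
  node_type                  = "cache.t3.micro"
  num_cache_clusters         = 2
  auto_minor_version_upgrade = true
  maintenance_window         = "sun:05:00-sun:06:00" # constructed value
}

# The same argument on a standalone cluster resource.
resource "aws_elasticache_cluster" "compliant" {
  cluster_id                 = "example-cluster" # constructed value
  engine                     = "redis"
  engine_version             = "7.0"
  node_type                  = "cache.t3.micro"
  num_cache_nodes            = 1
  auto_minor_version_upgrade = true
  maintenance_window         = "sun:05:00-sun:06:00" # constructed value
}
```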