Amazon ElastiCache for Redis
ElastiCache for Redis User Guide (API Version 2015-02-02)

ElastiCache for Redis Compliance

In this section, you can find the compliance requirements and controls offered when using Amazon ElastiCache for Redis.

ElastiCache for Redis FedRAMP Compliance

The AWS FedRAMP Compliance program includes Amazon ElastiCache for Redis as a FedRAMP-authorized service. If you are a federal or commercial customer, you can use the service to process and store your sensitive workloads in the AWS US East and US West with data up to the moderate impact level, and AWS GovCloud (US) Region’s authorization boundary with data up to the high impact level.

You can request access to the AWS FedRAMP Security Packages through the FedRAMP PMO or your AWS Sales Account Manager or, they can be downloaded through AWS Artifact at https://aws.amazon.com/artifact/.

Requirements

To enable FedRAMP support on your ElastiCache for Redis cluster, your cluster and nodes within the cluster must satisfy the following requirements.

  • Engine version requirements – Your cluster must be running one of the following ElastiCache for Redis versions to qualify for FedRAMP compliance.

  • Node type requirements – Your cluster must be running a current-generation node type—M3, M4, T2, R3, or R4. For more information, see the following:

  • FIPS Endpoints requirements – Your ElastiCache for Redis can be created using the FIPS endpoints available in the following regions:.

    Region Name/Region FIPS Endpoint

    US East (Ohio) Region

    us-east-2

    elasticache-fips.us-east-2.amazonaws.com

    US East (N. Virginia) Region

    us-east-1

    elasticache-fips.us-east-1.amazonaws.com

    US West (N. California) Region

    us-west-1

    elasticache-fips.us-west-1.amazonaws.com

    US West (Oregon) Region

    us-west-2

    elasticache-fips.us-west-2.amazonaws.com

    AWS GovCloud (US)

    us-gov-west-1

    elasticache-fips.us-gov-west-1.amazonaws.com

ElastiCache for Redis HIPAA Compliance

The AWS HIPAA Compliance program includes Amazon ElastiCache for Redis as a HIPAA Eligible Service.

In order to use ElastiCache for Redis in compliance with the HIPAA, in addition to executing the Business Associate Agreement (BAA) with AWS, your cluster and nodes within the cluster must satisfy the requirements for engine version, node type, and data security listed here.

Requirements

To enable HIPAA support on your ElastiCache for Redis cluster, your cluster and nodes within the cluster must satisfy the following requirements.

By implementing these requirements, ElastiCache for Redis can be used to store, process, and access Protected Health Information (PHI) in compliance with HIPAA.

For general information about AWS Cloud and HIPAA compliance, see the following:

ElastiCache for Redis PCI DSS Compliance

The AWS PCI DSS Compliance program includes Amazon ElastiCache for Redis as a PCI-compliant service. The PCI DSS 3.2 Compliance Package can be downloaded through AWS Artifact at https://aws.amazon.com/artifact/. For more information, see AWS PCI DSS Compliance Program.

Requirements

To enable PCI DSS support on your ElastiCache for Redis cluster, your cluster and nodes within the cluster must satisfy the following requirements.

ElastiCache for Redis also offers Data Security Controls to further secure the cluster to store, process and transmit sensitive financial data like Customer Cardholder Data (CHD) when using the service.

Create and Seed a New Compliant Cluster

To create a compliant cluster, create a new cluster making sure your choices fulfill the requirements for the compliance you want—engine version, node type, encryption, and if needed FIPS endpoints. If you choose, you can seed a new compliant cluster with data from an existing cluster as you're creating it. For more information, see:

More Information

For general information about AWS Cloud compliance, see the following: