ElastiCache clusters should use a non-default port for communication


Description

Change your AWS ElastiCache cluster endpoint port to a non-default port.

Rationale

Using the default port puts clusters at risk of exploits and attacks. Configure a custom port to add an extra layer of security to your clusters.

Remediation

From the console

Follow the Finding connection endpoints console documentation to learn how to find and modify your cluster’s endpoint port.

From the command line

  1. Run aws elasticache describe-cache-clusters with your ElastiCache cluster ID to output the existing cluster configuration.

describe-cache-clusters.sh

  aws elasticache describe-cache-clusters \
    --cache-cluster-id your-cc-id

  
  2. Run aws elasticache create-cache-cluster with the cluster data returned in the previous step. Configure the new cache cluster with a custom value for the endpoint port. This returns new cluster metadata.

create-cache-cluster.sh

  aws elasticache create-cache-cluster \
    --cache-cluster-id new-cc-id \
    ... \
    --port 10001

    
  3. Once the cluster endpoint port is updated, remove the old ElastiCache cluster. Run aws elasticache delete-cache-cluster with the original cluster ID.

delete-cache-cluster.sh

  aws elasticache delete-cache-cluster \
    --cache-cluster-id your-cc-id
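
To confirm the result after these steps, the following added example (not part of the original page or of AWS tooling) classifies each cluster in saved aws elasticache describe-cache-clusters --show-cache-node-info JSON output by its endpoint port. It assumes the engine default ports 6379 (Redis, Valkey) and 11211 (Memcached), which this page does not list; the cluster records and hostnames in SAMPLE are constructed.

```python
import json
import sys

# Engine default ports: an assumption of this example, not listed on the page.
DEFAULT_PORTS = {"redis": 6379, "valkey": 6379, "memcached": 11211}

# Constructed sample shaped like `describe-cache-clusters --show-cache-node-info` output.
SAMPLE = {"CacheClusters": [
    {"CacheClusterId": "your-cc-id", "Engine": "redis",
     "CacheNodes": [{"Endpoint": {"Address": "old.example.internal", "Port": 6379}}]},
    {"CacheClusterId": "new-cc-id", "Engine": "redis",
     "CacheNodes": [{"Endpoint": {"Address": "new.example.internal", "Port": 10001}}]},
    {"CacheClusterId": "mc-id", "Engine": "memcached",
     "ConfigurationEndpoint": {"Address": "mc.example.internal", "Port": 11211}},
    {"CacheClusterId": "no-node-info-id", "Engine": "redis"},
]}


def cluster_ports(cluster):
    """Collect every endpoint port present in one cluster record."""
    # CacheNodes only appears when --show-cache-node-info was passed.
    endpoints = [cluster.get("ConfigurationEndpoint")]
    endpoints += [n.get("Endpoint") for n in cluster.get("CacheNodes") or []]
    return {e["Port"] for e in endpoints if e and "Port" in e}


def audit(describe_output):
    """Map cluster ID to 'default-port', 'custom-port' or 'unknown'."""
    results = {}
    for cluster in describe_output.get("CacheClusters", []):
        default = DEFAULT_PORTS.get((cluster.get("Engine") or "").lower())
        ports = cluster_ports(cluster)
        if default is None or not ports:
            status = "unknown"  # missing data is never reported as compliant
        elif default in ports:
            status = "default-port"
        else:
            status = "custom-port"
        results[cluster["CacheClusterId"]] = status
    return results


if __name__ == "__main__":
    # Optional argument: path to saved CLI JSON output; otherwise use SAMPLE.
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for cid, status in sorted(audit(data).items()):
        print(f"{cid}\t{status}")
```

A cluster reported as unknown has no port data in the input, which happens when the output was captured without --show-cache-node-info; re-run the describe command with that flag before treating it as compliant.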