ElastiCache clusters should not use the default subnet group

Description

This assessment verifies that ElastiCache clusters are configured with a custom subnet group. The assessment fails for an ElastiCache cluster if its CacheSubnetGroupName is set to default.

When an ElastiCache cluster is launched, a default subnet group is created automatically if one does not already exist. This default group uses subnets from the default Virtual Private Cloud (VPC). Custom subnet groups are recommended because they give more control over the subnets in which the cluster is placed and over the networking it inherits from those subnets.
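The check described above can be reproduced over DescribeCacheClusters output. The following is an added example, not code from the original page or from AWS; the sample pages and cluster names are constructed, and the NOT_APPLICABLE status for a cluster that reports no subnet group is an assumption of this example.

```python
from typing import Dict, Iterable, List

DEFAULT_SUBNET_GROUP = "default"  # the value the assessment fails on

# Constructed sample data shaped like DescribeCacheClusters response pages.
SAMPLE_PAGES = [
    {"CacheClusters": [
        {"CacheClusterId": "sessions-001", "CacheSubnetGroupName": "default"},
        {"CacheClusterId": "orders-001", "CacheSubnetGroupName": "private-cache-subnets"},
    ]},
    {"CacheClusters": [
        # A custom group whose name merely starts with "default" must pass,
        # so the comparison is an exact match, not a substring test.
        {"CacheClusterId": "reports-001", "CacheSubnetGroupName": "default-private"},
        # No subnet group reported: NOT_APPLICABLE (assumption of this example).
        {"CacheClusterId": "legacy-001"},
    ]},
]


def evaluate_clusters(pages: Iterable[Dict]) -> List[Dict]:
    """Return one finding per cluster across all response pages."""
    findings = []
    for page in pages:
        for cluster in page.get("CacheClusters", []):
            group = cluster.get("CacheSubnetGroupName")
            if group is None:
                status = "NOT_APPLICABLE"
            elif group == DEFAULT_SUBNET_GROUP:
                status = "FAILED"
            else:
                status = "PASSED"
            findings.append({"cluster": cluster.get("CacheClusterId"),
                             "subnet_group": group, "status": status})
    return findings


def failed_cluster_ids(pages: Iterable[Dict]) -> List[str]:
    """Cluster ids that would not pass the assessment."""
    return [f["cluster"] for f in evaluate_clusters(pages) if f["status"] == "FAILED"]


if __name__ == "__main__":
    # Live use (needs boto3 and credentials) would pass the paginator instead:
    #   boto3.client("elasticache").get_paginator("describe_cache_clusters").paginate()
    for finding in evaluate_clusters(SAMPLE_PAGES):
        print(finding["status"], finding["cluster"], finding["subnet_group"])
```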

Remediation

For guidance on establishing a new subnet group for an ElastiCache cluster, please refer to the Creating a subnet group section in the Amazon ElastiCache User Guide.