Redis Security Advisory
2018/06/13 11:00 PDT
Redis has published a security advisory for their in-memory data store. Amazon ElastiCache-managed Redis-compatible customer nodes are each dedicated to only running an engine for a single customer within customer VPCs. As such, no customers or third-parties can access these nodes other than those explicitly permitted by the customer to access the host VPC.
Amazon ElastiCache has released new versions of Redis, which contain updates that address this issue. ElastiCache clusters launched after June 10, 2018 are not affected by this issue. Customers with existing ElastiCache clusters will receive the updated version during their scheduled maintenance windows. These updates are designed to fully mitigate this concern and compliment ElastiCache defaults that prevent any remote unauthorized access that could expose this Redis issue. No customer action is required to receive these updates.
For more information about this security concern, please see http://antirez.com/news/119. For more information about managing secure network access to Amazon ElastiCache clusters, please see "Amazon VPCs and ElastiCache Security".