I have been reading up on Redis with AWS ElastiCache and am a little confused about security. So far, it seems the only security is to create a Redis Security Group that only allows access from either a specific security group or IP address.
Is there any additional security I can/should add?
Is there any way to attach Redis access security to IAM Roles?
Currently, ElastiCache does not provide authentication mechanisms like, for example, RDS does. The only security available is Security Groups, limiting network traffic from specific sources.
Should you require Redis authentication, you will have to deploy Redis on top of EC2 instances and manage it by yourself.
You can use the Redis AUTH command on ElastiCache clusters that have been created with the transit-encryption-enabled option.
It is not available in all regions yet, but you can read more about using it in the AWS docs: https://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/auth.html
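
The client side of the AUTH-over-TLS setup described in the answer above, as an added example that is not part of the original answers or AWS code. It uses only the Python standard library; the environment variable names `REDIS_HOST` and `REDIS_AUTH_TOKEN` and the helper names are assumptions for illustration.

```python
import socket
import ssl


def encode_command(*args: str) -> bytes:
    """Encode a command as a RESP array of bulk strings (the Redis wire format)."""
    out = [b"*%d\r\n" % len(args)]
    for arg in args:
        data = arg.encode("utf-8")
        out.append(b"$%d\r\n%s\r\n" % (len(data), data))
    return b"".join(out)


def check_reply(reply: bytes) -> str:
    """Return the status text of a '+' reply; raise on a '-' error reply."""
    line = reply.split(b"\r\n", 1)[0].decode("utf-8", "replace")
    if line.startswith("+"):
        return line[1:]
    if line.startswith("-"):
        raise PermissionError(line[1:])
    raise ValueError("unexpected reply: %r" % line)


def auth_ping(host: str, token: str, port: int = 6379, timeout: float = 5.0) -> str:
    """Open a verified TLS connection, AUTH with the token, then PING."""
    # The default context verifies the certificate chain and the hostname,
    # so the token is never sent to an endpoint that fails verification.
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(encode_command("AUTH", token))
            check_reply(tls.recv(4096))         # raises if the token is rejected
            tls.sendall(encode_command("PING"))
            return check_reply(tls.recv(4096))  # "PONG" on success


if __name__ == "__main__":
    import os
    # Hypothetical variable names; both values are supplied by the operator.
    print(auth_ping(os.environ["REDIS_HOST"], os.environ["REDIS_AUTH_TOKEN"]))
```

Keep the Security Group restriction in place as well: the token authenticates clients, while the Security Group still decides which sources can reach the port at all.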