# AWS ElastiCache Best Practices - Key Excerpts for Cache Client **Authority Tier:** Tier 2 (Vendor) **Source:** https://docs.aws.amazon.com/elasticache/ **Relevance:** Official AWS guidance on security, performance, monitoring for Redis/Memcached --- ## Security Best Practices > **User fills in:** Fetch AWS ElastiCache security documentation > > Look for sections on: > - Encryption in transit (TLS) > - Authentication (Redis AUTH) > - Network isolation (VPC) > - Credential management **Key Claims:** - `cache/tls_verification :: required = true` - **Consequence:** Disabled TLS verification enables MITM attacks - attacker intercepts cache traffic - `cache/credentials :: storage = "environment"` - **Consequence:** Hardcoded credentials in code leak via version control - `cache/auth_enabled :: required = true` - **Consequence:** No authentication allows unauthorized cache access --- ## Performance Tuning > **User fills in:** Fetch AWS ElastiCache performance best practices > > Look for: > - Connection pooling recommendations > - Timeout configurations > - Cache hit/miss optimization > - Eviction policy selection **Key Claims:** - `cache/connection_pool/max_size :: recommended = 50` - **Consequence:** Too small pool causes connection contention, too large exhausts resources - `cache/timeout :: recommended = 5000` - **Consequence:** Excessive timeout (e.g., 60s) causes request queuing during failures - `cache/read_timeout :: required = true` - **Consequence:** No read timeout causes indefinite blocking on slow responses --- ## Monitoring and Metrics > **User fills in:** Fetch AWS ElastiCache monitoring documentation > > Look for: > - CloudWatch metrics (CacheHits, CacheMisses, Evictions) > - Recommended alarms > - Performance baseline establishment **Key Claims:** - `cache/metrics/hit_rate :: required = true` - **Consequence:** No hit/miss tracking prevents debugging cache effectiveness - `cache/metrics/evictions :: required = true` - **Consequence:** No eviction metrics hides memory pressure issues - `cache/metrics/latency :: required = true` - **Consequence:** No latency tracking prevents SLA violation detection --- ## High Availability > **User fills in:** Fetch AWS ElastiCache HA documentation > > Look for: > - Multi-AZ deployment > - Automatic failover > - Backup and restore **Key Claims:** - `cache/circuit_breaker :: recommended = true` - **Consequence:** No circuit breaker causes cascade failures when cache is down - `cache/fallback_strategy :: required = true` - **Consequence:** No fallback means cache outage = application outage --- ## Common Pitfalls (from AWS docs) > **User fills in:** Search AWS documentation for "common mistakes", "troubleshooting", "gotchas" > > Example pitfalls: > - Not using connection pooling > - Oversized keys/values > - Missing TTL causing memory leaks > - No eviction policy **Key Claims:** - `cache/value_size :: maximum = 1048576` # 1 MB - **Consequence:** Oversized values degrade performance and waste memory - `cache/key_prefix :: required = true` - **Consequence:** No key prefixing causes collisions in shared cache instances --- ## Extraction Guide 1. **Navigate to AWS docs:** ```bash open https://docs.aws.amazon.com/elasticache/ ``` 2. **Search for key sections:** - Security: Encryption, authentication - Performance: Connection pooling, timeouts - Monitoring: CloudWatch metrics, alarms - Best practices: Common pitfalls 3. **Extract official recommendations:** - Look for "AWS recommends..." or "Best practice is..." - Note consequences from troubleshooting guides - Document metric thresholds 4. **Map to concept paths:** - `cache/tls_verification` - `cache/metrics/hit_rate` - `cache/circuit_breaker` - `cache/connection_pool/max_size` 5. **Add to claims with provenance:** - Provenance: "AWS ElastiCache Best Practices Guide - Security Section" - Link to specific AWS doc page