These rules flag ElastiCache clusters that are idle or running on-demand when reserved node pricing would save you money.
| Rule ID | Scan Type | Name |
|---|---|---|
| CLDBRN-AWS-ELASTICACHE-1 | Discovery | ElastiCache Cluster Missing Reserved Coverage |
| CLDBRN-AWS-ELASTICACHE-2 | Discovery | ElastiCache Cluster Idle |
CLDBRN-AWS-ELASTICACHE-1
ElastiCache Cluster Missing Reserved Coverage
Scan type: Discovery
What it checks
Flags ElastiCache clusters that have been running for at least 180 days without matching active reserved node coverage. The rule normalizes node sizes into capacity units and checks whether your reserved inventory covers each cluster's actual footprint.
Valkey clusters can consume reserved coverage from Valkey, Redis, or wildcard engine buckets. Node types with unknown sizes fall back to exact-type matching.
Why it matters
ElastiCache Reserved Nodes offer up to 55% savings over on-demand pricing for 1-year terms and even more for 3-year commitments. A cluster that has been running for 6+ months without reserved coverage is almost certainly a candidate for a reservation. The longer a cluster runs on-demand, the more money you leave on the table.
What triggers a finding
All of the following must be true:
- Cluster status is
available - Cluster has been running for 180 or more days
- The cluster's normalized capacity exceeds the remaining reserved node coverage for its
region:nodeType:enginecombination
How to remediate
- Review the flagged cluster's node type, engine, and node count
- Check your current reserved node inventory for gaps in coverage
- Purchase a reserved node that matches the cluster's configuration:
aws elasticache purchase-reserved-cache-nodes-offering \
--reserved-cache-nodes-offering-id <offering-id> \
--cache-node-count 1
Consider using the AWS Cost Explorer Reserved Instance recommendations to identify the most cost-effective reservation terms for your usage patterns.
CLDBRN-AWS-ELASTICACHE-2
ElastiCache Cluster Idle
Scan type: Discovery
What it checks
Flags available ElastiCache clusters whose 14-day average cache hit rate stays below 5% and average current connections stay below 2.
Why it matters
An ElastiCache cluster with negligible cache hits and almost no connections is not providing caching value. ElastiCache nodes are billed per hour regardless of utilization. A cache.r6g.large cluster costs roughly $200/month. If it's not being used, that's pure waste.
What triggers a finding
cacheClusterStatus is available AND averageCacheHitRateLast14Days is less than 5 AND averageCurrentConnectionsLast14Days is less than 2 (both non-null).
How to remediate
Verify that the application is configured to use the cluster. If the cluster is genuinely unused, delete it. If it's supposed to be used, investigate why the application isn't connecting (wrong endpoint, DNS mismatch, security group blocking).
aws elasticache delete-cache-cluster --cache-cluster-id my-cluster-id
See Also
- CLI discover command -- scan live ElastiCache clusters
- SDK Reference -- run scans programmatically