This alert triggers when the average latency of successful read requests to the ElastiCache cluster exceeds the specified threshold. High read latency can impact application performance by slowing down data retrieval times, which may affect user experience and overall system efficiency. Monitoring this metric helps ensure that the ElastiCache cluster maintains optimal performance and responsiveness. The alert is activated when read latency exceeds 20 milliseconds (ms) over last 10 minutes. Customization Guidance: - Threshold: The default threshold is set to trigger when the average latency exceeds 20 milliseconds (ms) in 10-minute period. Depending on the application's performance and expected load, this threshold may be adjusted to better reflect the operational norms and service requirements.Lower latency is generally better. - Monitoring Period: The monitoring period can be adjusted to shorter or longer than 10 minutes based on the traffic pattern and criticality of the application. Shorter periods may be used for high-traffic, critical application to catch issues more rapidly.This allows for timely detection of latency issues without overwhelming you with too many alerts. - Notification Frequency: Consider the frequency of this alert to optimize the balance between responsiveness and noise. Adjust according to the criticality of the application's uninterrupted operation. Action: When an alert is triggered, promptly investigate the potential causes of high latency. This may involve examining the cache load, identifying any network issues, and optimizing application queries if necessary.

This alert triggers when the average latency of successful write requests to the ElastiCache cluster exceeds the specified threshold. High write latency can impact application performance by slowing down data storage times, which may affect user experience and overall system efficiency. Monitoring this metric helps ensure that the ElastiCache cluster maintains optimal performance and responsiveness. The alert is activated when write latency exceeds 20 milliseconds (ms) over last 10 minutes. Customization Guidance: - Threshold: The default threshold is set to trigger when the average latency exceeds 20 milliseconds (ms) in 10-minute period. Depending on the application's performance and expected load, this threshold may be adjusted to better reflect the operational norms and service requirements. Lower latency is generally better. - Monitoring Period: The monitoring period can be adjusted to shorter or longer than 10 minutes based on the traffic pattern and criticality of the application. Shorter periods may be used for high-traffic, critical applications to catch issues more rapidly. This allows for timely detection of latency issues without overwhelming you with too many alerts. - Notification Frequency: Consider the frequency of this alert to optimize the balance between responsiveness and noise. Adjust according to the criticality of the application's uninterrupted operation. Action: When an alert is triggered, promptly investigate the potential causes of high latency. This may involve examining the cache load, identifying any network issues, and optimizing application queries if necessary. Additional steps may include considering data sharding to distribute the write load more evenly and scaling up or scaling out the cache cluster to handle increased write traffic.

This alert triggers when the total number of throttled commands in the ElastiCache cluster exceeds the specified threshold. Throttled commands occur when requests exceed the allowed rate limits, leading to degraded performance and potential service disruptions. Monitoring this metric helps ensure that the ElastiCache cluster operates within optimal parameters and that the application can handle the required load without exceeding limits. The alert is activated when the number of throttled commands exceeds 100 over the last 10 minutes. Customization Guidance: - Threshold: The default threshold is set at 100 throttled commands over the last 10 minutes. Depending on the application's performance and expected load, this threshold may be adjusted to better reflect the operational norms and service requirements. Lower values indicate better performance. - Monitoring Period: The monitoring period can be adjusted to shorter or longer than 10 minutes based on the traffic pattern and criticality of the application. Shorter periods may be used for high-traffic, critical applications to catch issues more rapidly. This allows for timely detection of throttling issues without overwhelming you with too many alerts. - Notification Frequency: Consider the frequency of this alert to optimize the balance between responsiveness and noise. Adjust according to the criticality of the application's uninterrupted operation. Action: When an alert is triggered, promptly investigate the potential causes of throttled commands. This may involve examining the cache load, verifying if the rate limits are being exceeded and considering increasing them if necessary, analyzing and optimizing application queries to reduce the number of commands sent to the cache, scaling up or scaling out your cache cluster to handle increased traffic and reduce throttling, and ensuring that the client-side configurations (such as retry logic and backoff strategies) are appropriately set to handle throttling.

This alert triggers when the maximum number of current connections to the ElastiCache cluster exceeds the specified threshold. A high number of connections can indicate heavy usage, which might lead to performance degradation or resource exhaustion if the cluster cannot handle the load. Monitoring this metric helps ensure that the ElastiCache cluster can sustain the required connections without impacting performance. The alert is activated when the number of current connections exceeds the 1000 over 10 minutes. Customization Guidance: - Threshold: The default threshold is set at 1000 connections over the last 10 minutes. Depending on the cluster's capacity and typical usage patterns, this threshold may be adjusted to better reflect the operational norms and service requirements. Higher values may be necessary for applications with high concurrent user traffic. - Monitoring Period: The monitoring period can be adjusted to shorter or longer than 10 minutes based on cluster's capacity and typical usage patterns. Shorter periods may be used for high-traffic, critical applications to catch issues more rapidly. Longer periods may be used to reduce alert noise. - Notification Frequency: Consider the frequency of this alert to optimize the balance between responsiveness and noise. Adjust according to the criticality of the application's uninterrupted operation. Action: When an alert is triggered, promptly investigate the potential causes of the high number of connections. This may involve examining traffic patterns to check for unusual spikes or sustained increases in user activity, reviewing and optimizing connection management settings such as connection pooling and timeout configurations, ensuring the ElastiCache cluster has adequate resources (CPU, memory) to handle the high number of connections, considering scaling up or scaling out the cache cluster to manage increased connection loads effectively, and analyzing and optimizing application code to manage connections more efficiently and avoid unnecessary open connections.

This alert triggers when the average CPU utilization of the ElastiCache cluster exceeds the specified threshold. High CPU utilization can indicate that the cluster is under heavy load, which may lead to performance degradation and slow response times. Monitoring this metric helps ensure that the ElastiCache cluster operates efficiently and can handle the workload without compromising performance. The alert is activated when the CPU utilization exceeds the 80% over last 10 minutes. Customization Guidance: - Threshold: The default threshold is set at 80% CPU utilization over the monitoring period. Adjust this threshold according to your application's performance requirements and expected load. Lower values may be necessary for applications with critical performance requirements. - Monitoring Period: The monitoring period can be adjusted to shorter or longer than 10 minutes based on the traffic pattern and criticality of the application. Shorter periods may be used for high-traffic, critical applications to catch issues more rapidly. Longer periods may be used to reduce alert noise. - Notification Frequency: Consider the frequency of this alert to optimize the balance between responsiveness and noise. Adjust according to the criticality of the application's uninterrupted operation. Action: When an alert is triggered, promptly investigate the potential causes of high CPU utilization. This may involve examining the workload to check for unusual spikes or sustained increases in user activity, ensuring that the ElastiCache cluster has adequate resources (CPU, memory) to handle the load, analyzing and optimizing application queries to reduce the CPU load, reviewing and optimizing cache configurations and settings, considering scaling up or scaling out the cache cluster to manage increased CPU loads effectively, and analyzing and optimizing application code to improve efficiency and reduce CPU usage.

This alert triggers when the total amount of freeable memory in the ElastiCache cluster falls below the specified threshold. Low freeable memory can lead to performance degradation, evictions of cached data, and potential service disruptions. Monitoring this metric helps ensure that the ElastiCache cluster has sufficient memory resources to handle the workload and maintain optimal performance. The alert is activated when the freeable memory falls below the 200 MB over 10 minutes. Customization Guidance: - Threshold: The default threshold is set at less than 200 MB of freeable memory over the monitoring period. Adjust this threshold according to your application's memory requirements and expected load. Higher values may be necessary for applications with high memory demands. - Monitoring Period: The monitoring period can be adjusted to shorter or longer than 10 minutes based on the traffic pattern and criticality of the application. Shorter periods may be used for high-traffic, critical applications to catch issues more rapidly. Longer periods may be used to reduce alert noise. - Notification Frequency: Consider the frequency of this alert to optimize the balance between responsiveness and noise. Adjust according to the criticality of the application's uninterrupted operation. Action: When an alert is triggered, promptly investigate the potential causes of low freeable memory. This may involve examining memory usage to check for unusual spikes or sustained increases in memory demand, ensuring that the ElastiCache cluster has adequate memory resources to handle the load, reviewing and optimizing the eviction policy to manage memory more effectively, adjusting cache configurations and settings to better manage memory usage, considering scaling up or scaling out the cache cluster to increase available memory, and analyzing and optimizing application code to improve memory efficiency and reduce memory usage.

This alert triggers when the total swap usage in the ElastiCache cluster exceeds the specified threshold. High swap usage indicates that the system is using disk space to supplement RAM, which can lead to significant performance degradation. This often happens when there is insufficient memory available, causing the system to swap data to disk. Monitoring this metric helps ensure that the ElastiCache cluster has sufficient memory resources to operate efficiently and prevents performance issues related to excessive swapping. The alert is activated when the swap usage exceeds the 50 MB over 10 minutes. Customization Guidance: - Threshold: The default threshold is set at at greater than 50 MB of swap usage over the monitoring period. Adjust this threshold according to your application's memory requirements and expected load. Lower values are generally better, as swap usage should ideally be minimized or avoided. - Monitoring Period: The monitoring period can be adjusted to shorter or longer than 10 minutes based on the traffic pattern and criticality of the application. Shorter periods may be used for high-traffic, critical applications to catch issues more rapidly. Longer periods may be used to reduce alert noise. - Notification Frequency: Consider the frequency of this alert to optimize the balance between responsiveness and noise. Adjust according to the criticality of the application's uninterrupted operation. Action: When an alert is triggered, promptly investigate the potential causes of high swap usage. This may involve examining memory utilization to check for unusual spikes or sustained increases in memory demand, ensuring that the ElastiCache cluster has adequate memory resources to handle the load, reviewing and optimizing the eviction policy to manage memory more effectively and reduce the need for swapping, adjusting cache configurations and settings to better manage memory usage and minimize swap usage, considering scaling up or scaling out the cache cluster to increase available memory and reduce swap usage, and analyzing and optimizing application code to improve memory efficiency and reduce memory usage.

This alert triggers when the average percentage of database memory utilization in the ElastiCache cluster exceeds the specified threshold. High memory utilization can lead to performance degradation, increased latency, and potential evictions of cached data. Monitoring this metric helps ensure that the ElastiCache cluster has sufficient memory resources to handle the workload and maintain optimal performance. The alert is activated when the database memory utilization percentage exceeds the 75% over 10 minutes. Customization Guidance: - Threshold: The default threshold is set at greater than 75% database memory utilization over the monitoring period. Adjust this threshold according to your application's memory requirements and expected load. Lower values may be necessary for applications with critical performance requirements. - Monitoring Period: The monitoring period can be adjusted to shorter or longer than 10 minutes based on the traffic pattern and criticality of the application. Shorter periods may be used for high-traffic, critical applications to catch issues more rapidly. Longer periods may be used to reduce alert noise. - Notification Frequency: Consider the frequency of this alert to optimize the balance between responsiveness and noise. Adjust according to the criticality of the application's uninterrupted operation. Action: When an alert is triggered, promptly investigate the potential causes of high database memory utilization. This may involve examining memory utilization to check for unusual spikes or sustained increases in memory demand, ensuring that the ElastiCache cluster has adequate memory resources to handle the load, reviewing and optimizing the eviction policy to manage memory more effectively, adjusting cache configurations and settings to better manage memory usage, considering scaling up or scaling out the cache cluster to increase available memory and reduce memory utilization, and analyzing and optimizing application code to improve memory efficiency and reduce memory utilization.

This alert triggers when the number of packets shaped due to exceeding the inbound aggregate bandwidth limit for the ElastiCache cluster exceeds the 400. Exceeding the network bandwidth allowance can lead to throttling, increased latency, and potential disruption of service. Monitoring this metric helps ensure that the ElastiCache cluster operates within its network bandwidth limits and maintains optimal performance. The alert is activated when the number of shaped packets exceeds the 400 over 10 minutes. Customization Guidance: - Threshold: The default threshold is set at more than 400 packets shaped over the monitoring period.Adjust this threshold according to your application's network bandwidth requirements and expected load. Lower values may be necessary for applications with high network demands. - Monitoring Period: The monitoring period can be adjusted to shorter or longer than 10 minutes based on the traffic pattern and criticality of the application. Shorter periods may be used for high-traffic, critical applications to catch issues more rapidly. Longer periods may be used to reduce alert noise. - Notification Frequency: Consider the frequency of this alert to optimize the balance between responsiveness and noise. Adjust according to the criticality of the application's uninterrupted operation. Action: When an alert is triggered, promptly investigate the potential causes of the high number of shaped packets. This may involve examining network traffic to check for unusual spikes or sustained increases in demand, ensuring that the ElastiCache cluster has adequate network resources to handle the load, reviewing and optimizing application network usage to reduce bandwidth consumption, adjusting cache configurations and settings to better manage network bandwidth usage, considering scaling up or scaling out the cache cluster to increase available network bandwidth, and analyzing and optimizing application code to improve network efficiency and reduce bandwidth usage.

This alert triggers when the number of packets shaped due to exceeding the outbound aggregate bandwidth limit for the ElastiCache cluster exceeds the specified threshold. Exceeding the network bandwidth allowance can lead to throttling, increased latency, and potential disruption of service. Monitoring this metric helps ensure that the ElastiCache cluster operates within its network bandwidth limits and maintains optimal performance. The alert is activated when the number of shaped packets exceeds 100 over 10 minutes. Customization Guidance: - Threshold: The default threshold is set at more than 100 packets shaped over the monitoring period.Adjust this threshold according to your application's network bandwidth requirements and expected load. Lower values may be necessary for applications with high network demands. - Monitoring Period: The monitoring period can be adjusted to shorter or longer than 10 minutes based on the traffic pattern and criticality of the application. Shorter periods may be used for high-traffic, critical applications to catch issues more rapidly. Longer periods may be used to reduce alert noise. - Notification Frequency: Consider the frequency of this alert to optimize the balance between responsiveness and noise. Adjust according to the criticality of the application's uninterrupted operation. Action: When an alert is triggered, promptly investigate the potential causes of the high number of shaped packets. This may involve examining network traffic to check for unusual spikes or sustained increases in demand, ensuring that the ElastiCache cluster has adequate network resources to handle the load, reviewing and optimizing application network usage to reduce bandwidth consumption, adjusting cache configurations and settings to better manage network bandwidth usage, considering scaling up or scaling out the cache cluster to increase available network bandwidth, and analyzing and optimizing application code to improve network efficiency and reduce bandwidth usage.

This alert triggers when the number of packets dropped due to exceeding the network connection tracking (conntrack) allowance for the ElastiCache cluster exceeds the specified threshold. Exceeding the conntrack allowance can lead to dropped connections, increased latency, and potential service disruptions. Monitoring this metric helps ensure that the ElastiCache cluster operates within its connection tracking limits and maintains optimal performance. The alert is activated when the number of dropped packets due to conntrack allowance exceeds the 10 over 10 minutes. Customization Guidance: - Threshold: The default threshold is set at greater than 10 packets dropped due to conntrack allowance over the monitoring period. Adjust this threshold according to your application's network connection requirements and expected load. Lower values may be necessary for applications with high connection demands. - Monitoring Period: The monitoring period can be adjusted to shorter or longer than 10 minutes based on the traffic pattern and criticality of the application. Shorter periods may be used for high-traffic, critical applications to catch issues more rapidly. Longer periods may be used to reduce alert noise. - Notification Frequency: Consider the frequency of this alert to optimize the balance between responsiveness and noise. Adjust according to the criticality of the application's uninterrupted operation. Action: When an alert is triggered, promptly investigate the potential causes of the high number of dropped packets due to conntrack allowance. This may involve examining network connections to check for unusual spikes or sustained increases in demand, ensuring that the ElastiCache cluster has adequate network resources to handle the load, reviewing and optimizing application connection usage to reduce the number of active connections, adjusting cache configurations and settings to better manage network connections, considering scaling up or scaling out the cache cluster to increase available network connection capacity, and analyzing and optimizing application code to improve connection efficiency and reduce the number of connections.

This alert triggers when the number of packets shaped because the bidirectional packets per second exceeded the maximum for the instance. Exceeding the network packets per second allowance can lead to throttling, increased latency, and potential service disruptions. Monitoring this metric helps ensure that the ElastiCache cluster operates within its network capacity and maintains optimal performance. The alert is activated when the number of shaped packets per second exceeds the 100 over 10 minutes. Customization Guidance: - Threshold: The default threshold is set at greater than 100 packets per second over the monitoring period. Adjust this threshold according to your application's network requirements and expected load. Lower values may be necessary for applications with high network demands. - Monitoring Period: The monitoring period can be adjusted to shorter or longer than 10 minutes based on the traffic pattern and criticality of the application. Shorter periods may be used for high-traffic, critical applications to catch issues more rapidly. Longer periods may be used to reduce alert noise. - Notification Frequency: Consider the frequency of this alert to optimize the balance between responsiveness and noise. Adjust according to the criticality of the application's uninterrupted operation. Action: When an alert is triggered, promptly investigate the potential causes of the high number of shaped packets per second. This may involve examining network traffic to check for unusual spikes or sustained increases in demand, ensuring that the ElastiCache cluster has adequate network resources to handle the load, reviewing and optimizing application network usage to reduce packet rate, adjusting cache configurations and settings to better manage network bandwidth usage, considering scaling up or scaling out the cache cluster to increase available network capacity, and analyzing and optimizing application code to improve network efficiency and reduce packet rate.

This alert triggers when the number of keys evicted from the ElastiCache cluster exceeds the specified threshold. High eviction rates can indicate insufficient memory, which may lead to performance degradation and potential data loss. Monitoring this metric helps ensure that the ElastiCache cluster has adequate memory resources to handle the workload and maintain optimal performance. The alert is activated when the number of evicted keys exceeds the 1000 over 10 minutes. Customization Guidance: - Threshold: The default threshold is set at greater than 1000 evictions over the monitoring period. Adjust this threshold according to your application's memory requirements and expected load. Lower values may be necessary for applications with critical data retention needs. - Monitoring Period: The monitoring period can be adjusted to shorter or longer than 10 minutes based on the traffic pattern and criticality of the application. Shorter periods may be used for high-traffic, critical applications to catch issues more rapidly. Longer periods may be used to reduce alert noise. - Notification Frequency: Consider the frequency of this alert to optimize the balance between responsiveness and noise. Adjust according to the criticality of the application's uninterrupted operation. Action: When an alert is triggered, promptly investigate the potential causes of the high eviction rate. This may involve examining memory utilization to check for unusual spikes or sustained increases in memory demand, ensuring that the ElastiCache cluster has adequate memory resources to handle the load, reviewing and optimizing the eviction policy to manage memory more effectively, adjusting cache configurations and settings to better manage memory usage and minimize evictions, considering scaling up or scaling out the cache cluster to increase available memory and reduce eviction rates, and analyzing and optimizing application code to improve memory efficiency and reduce memory usage.

This alert triggers when the percentage of cache hits in the ElastiCache cluster falls below the specified threshold. A low cache hit percentage indicates that a high number of requests are not being served from the cache, leading to increased latency and potential performance degradation. Monitoring this metric helps ensure that the ElastiCache cluster is effectively serving requests from the cache and maintaining optimal performance. The alert is activated when the cache hit percentage falls below the 70% over 10 minutes. Customization Guidance: - Threshold: The default threshold is set at less than 70% cache hit percentage over the monitoring period. Adjust this threshold according to your application's performance needs and expected load. Higher values indicate better cache performance. - Monitoring Period: The monitoring period can be adjusted to shorter or longer than 10 minutes based on the traffic pattern and criticality of the application. Shorter periods may be used for high-traffic, critical applications to catch issues more rapidly. Longer periods may be used to reduce alert noise. - Notification Frequency: Consider the frequency of this alert to optimize the balance between responsiveness and noise. Adjust according to the criticality of the application's uninterrupted operation. Action: When an alert is triggered, promptly investigate the potential causes of the low cache hit percentage. This may involve examining cache utilization to check for unusual spikes in cache misses or sustained increases in requests not served from the cache, ensuring that frequently accessed data is being properly cached, reviewing and optimizing cache configurations and settings to improve cache hit rates, analyzing and optimizing application queries to make better use of the cache, considering scaling up or scaling out the cache cluster to improve cache performance, and analyzing and optimizing application code to improve cache efficiency and increase the cache hit rate.

This alert triggers when the replication lag between the primary and replica nodes in the ElastiCache cluster exceeds the specified threshold. High replication lag can lead to stale data being served from the replicas, which may affect the consistency and performance of your application. Monitoring this metric helps ensure that the ElastiCache cluster maintains up-to-date replicas and operates efficiently. The alert is activated when the replication lag exceeds the 10 milliseconds over the 10 minutes. Customization Guidance: - Threshold: The default threshold is set at greater than 10 milliseconds over the 10 minutes. Adjust this threshold according to your application's data consistency requirements and expected load. Lower values are generally better to ensure data consistency. - Monitoring Period: The monitoring period can be adjusted to shorter or longer than 10 minutes based on the traffic pattern and criticality of the application. Shorter periods may be used for high-traffic, critical applications to catch issues more rapidly. Longer periods may be used to reduce alert noise. - Notification Frequency: Consider the frequency of this alert to optimize the balance between responsiveness and noise. Adjust according to the criticality of the application's uninterrupted operation. Action: When an alert is triggered, promptly investigate the potential causes of the high replication lag. This may involve examining network latency to check for network issues that may be causing delays in replication, ensuring that the primary and replica nodes have adequate resources (CPU, memory) to handle the replication load, reviewing and optimizing replication configurations and settings to reduce lag, analyzing the application traffic to identify any sudden spikes that may be affecting replication, considering scaling up or scaling out the ElastiCache cluster to improve replication performance, and analyzing and optimizing application code to reduce the load on the primary node and improve replication efficiency.

This alert triggers when the number of authentication failures in the ElastiCache cluster exceeds the specified threshold. A high number of authentication failures can indicate potential security issues, such as unauthorized access attempts, misconfigurations, or expired credentials. Monitoring this metric helps ensure that the ElastiCache cluster is secure and that only authorized users can access it. The alert is activated when the number of authentication failures exceeds the specified threshold over a defined period. Customization Guidance: - Threshold: The default threshold is set at greater than 10 authentication failures over 10 minutes. Adjust this threshold according to your application's security requirements and expected access patterns. Lower values may be necessary for applications with strict security policies. - Monitoring Period: The monitoring period can be adjusted to shorter or longer than 10 minutes based on the traffic pattern and criticality of the application. Shorter periods may be used for high-traffic, critical applications to catch issues more rapidly. Longer periods may be used to reduce alert noise. - Notification Frequency: Consider the frequency of this alert to optimize the balance between responsiveness and noise. Adjust according to the criticality of the application's uninterrupted operation. Action: When an alert is triggered, promptly investigate the potential causes of the high number of authentication failures. This may involve checking for unauthorized access attempts, verifying that all user credentials are up to date and correctly configured, reviewing access logs for suspicious activity, ensuring that security settings and configurations are correctly applied, and considering implementing additional security measures such as multi-factor authentication (MFA) or rotating credentials.

This alert triggers when the number of channel authorization failures in the ElastiCache cluster exceeds the specified threshold. A high number of channel authorization failures can indicate potential security issues, such as unauthorized access attempts, misconfigurations, or incorrect permissions. Monitoring this metric helps ensure that the ElastiCache cluster's channels are secure and that only authorized users can access them. The alert is activated when the number of channel authorization failures exceeds the specified threshold over a defined period. Customization Guidance: - Threshold: The default threshold is set at greater than 10 channel authorization failures over the monitoring period. Adjust this threshold according to your application's security requirements and expected access patterns. Lower values may be necessary for applications with strict security policies. - Monitoring Period: The monitoring period can be adjusted to shorter or longer than 10 minutes based on the traffic pattern and criticality of the application. Shorter periods may be used for high-traffic, critical applications to catch issues more rapidly. Longer periods may be used to reduce alert noise. - Notification Frequency: Consider the frequency of this alert to optimize the balance between responsiveness and noise. Adjust according to the criticality of the application's uninterrupted operation. Action: When an alert is triggered, promptly investigate the potential causes of the high number of channel authorization failures. This may involve checking for unauthorized access attempts, verifying that all user permissions are correctly configured and up to date, reviewing access logs for suspicious activity, ensuring that security settings and configurations for channels are correctly applied, and considering implementing additional security measures such as multi-factor authentication (MFA) or rotating credentials.

This alert triggers when the number of command authorization failures in the ElastiCache cluster exceeds the specified threshold. A high number of command authorization failures can indicate potential security issues, such as unauthorized access attempts, misconfigurations, or incorrect permissions. Monitoring this metric helps ensure that only authorized commands are executed in the ElastiCache cluster, maintaining the security and integrity of your data. The alert is activated when the number of command authorization failures exceeds the specified threshold over a defined period. Customization Guidance: - Threshold: The default threshold is set at greater than 10 command authorization failures over the monitoring period. Adjust this threshold according to your application's security requirements and expected access patterns. Lower values may be necessary for applications with strict security policies. - Monitoring Period: The monitoring period can be adjusted to shorter or longer than 10 minutes based on the traffic pattern and criticality of the application. Shorter periods may be used for high-traffic, critical applications to catch issues more rapidly. Longer periods may be used to reduce alert noise. - Notification Frequency: Consider the frequency of this alert to optimize the balance between responsiveness and noise. Adjust according to the criticality of the application's uninterrupted operation. Action: When an alert is triggered, promptly investigate the potential causes of the high number of command authorization failures. This may involve checking for unauthorized access attempts, verifying that all user permissions are correctly configured and up to date, reviewing access logs for suspicious activity, ensuring that security settings and configurations for commands are correctly applied, and considering implementing additional security measures such as multi-factor authentication (MFA) or rotating credentials.

This alert triggers when the number of key authorization failures in the ElastiCache cluster exceeds the specified threshold. A high number of key authorization failures can indicate potential security issues, such as unauthorized access attempts, misconfigurations, or incorrect permissions. Monitoring this metric helps ensure that only authorized access to keys is permitted, maintaining the security and integrity of your cached data. The alert is activated when the number of key authorization failures exceeds the specified threshold over a defined period. Customization Guidance: - Threshold: The default threshold is set at greater than 10 key authorization failures over the monitoring period. Adjust this threshold according to your application's security requirements and expected access patterns. Lower values may be necessary for applications with strict security policies. - Monitoring Period: The monitoring period can be adjusted to shorter or longer than 10 minutes based on the traffic pattern and criticality of the application. Shorter periods may be used for high-traffic, critical applications to catch issues more rapidly. Longer periods may be used to reduce alert noise. - Notification Frequency: Consider the frequency of this alert to optimize the balance between responsiveness and noise. Adjust according to the criticality of the application's uninterrupted operation. Action: When an alert is triggered, promptly investigate the potential causes of the high number of key authorization failures. This may involve checking for unauthorized access attempts, verifying that all user permissions are correctly configured and up to date, reviewing access logs for suspicious activity, ensuring that security settings and configurations for key access are correctly applied, and considering implementing additional security measures such as multi-factor authentication (MFA) or rotating credentials.