It is an AWS best practice to remove security group entries that allow DNS access from public IP addresses, to reduce the possibility of a breach. Allowing unrestricted DNS access can increase exposure to threats such as Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks.
Setting limits for the type of AWS ElastiCache cluster nodes will help you address internal compliance requirements and prevent unexpected charges on your AWS bill. Ensure that your existing AWS ElastiCache cluster nodes have the desired type established by your organization based on the caching workload required.
Amazon ElastiCache clusters using the EC2-VPC platform instead of EC2-Classic can bring multiple advantages, such as better flexibility and control over the cache clusters' security, availability, traffic routing and more. This template checks whether your ElastiCache clusters are provisioned within the AWS EC2-VPC platform.