diff --git a/changelogs/fragments/410-elasticache-fixes.yml b/changelogs/fragments/410-elasticache-fixes.yml
new file mode 100644
index 00000000000..69e9a176e0b
--- /dev/null
+++ b/changelogs/fragments/410-elasticache-fixes.yml
@@ -0,0 +1,5 @@
+---
+bugfixes:
+ - elasticache - Fix ``KeyError`` issue when updating security group (https://github.com/ansible-collections/community.aws/pull/410).
+minor_changes:
+ - elasticache - Improve docs a little, add intgration tests (https://github.com/ansible-collections/community.aws/pull/410).
diff --git a/plugins/modules/elasticache.py b/plugins/modules/elasticache.py
index 93804562f2e..53e72f664b4 100644
--- a/plugins/modules/elasticache.py
+++ b/plugins/modules/elasticache.py
@@ -74,7 +74,8 @@
 elements: str
 cache_security_groups:
 description:
- - A list of cache security group names to associate with this cache cluster. Must be an empty list if inside a VPC.
+ - A list of cache security group names to associate with this cache cluster.
+ - Don't use if your Cache is inside a VPC. In that case use I(security_group_ids) instead!
 type: list
 elements: str
 zone:
@@ -393,7 +394,7 @@ def _requires_modification(self):
 # check vpc security groups
 if self.security_group_ids:
 vpc_security_groups = []
- security_groups = self.data['SecurityGroups'] or []
+ security_groups = self.data.get('SecurityGroups', [])
 for sg in security_groups:
 vpc_security_groups.append(sg['SecurityGroupId'])
 if set(vpc_security_groups) != set(self.security_group_ids):
diff --git a/tests/integration/targets/elasticache/aliases b/tests/integration/targets/elasticache/aliases
new file mode 100644
index 00000000000..ce569e50624
--- /dev/null
+++ b/tests/integration/targets/elasticache/aliases
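Review bot: In the `@@ -393,7 +394,7 @@` hunk, `self.data.get('SecurityGroups', [])` only covers a missing key; the `or []` on the removed line also covered a key that is present with a `None` value, and in that case the `for sg in security_groups:` loop would now raise `TypeError`. Whether the API response can carry `SecurityGroups` as `None` is not visible from this hunk, so treat this as a precaution, but `security_groups = self.data.get('SecurityGroups') or []` handles both cases. `_requires_modification` starts and ends outside the hunk.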
@@ -0,0 +1,8 @@
+# Sometimes hit AWS capacity issues - InsufficientCacheClusterCapacity
+# https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/ErrorMessages.html#ErrorMessages.INSUFFICIENT_CACHE_CLUSTER_CAPACITY
+unstable
+
+cloud/aws
+shippable/aws/group1
+
+elasticache_subnet_group
diff --git a/tests/integration/targets/elasticache/defaults/main.yml b/tests/integration/targets/elasticache/defaults/main.yml
new file mode 100644
index 00000000000..1e1f60c90bd
--- /dev/null
+++ b/tests/integration/targets/elasticache/defaults/main.yml
@@ -0,0 +1,10 @@
+---
+
+vpc_name: "{{ resource_prefix }}-elasticache-test-vpc"
+vpc_seed: '{{ resource_prefix }}'
+vpc_cidr_prefix: '10.{{ 256 | random(seed=vpc_seed) }}'
+
+elasticache_redis_sg_name: "{{ resource_prefix }}-elasticache-test-redis-sg"
+elasticache_redis_test_name: "{{ resource_prefix }}-redis-test"
+elasticache_subnet_group_name: "{{ resource_prefix }}-elasticache-test-vpc-subnet-group"
+elasticache_redis_port: 6379
diff --git a/tests/integration/targets/elasticache/tasks/main.yml b/tests/integration/targets/elasticache/tasks/main.yml
new file mode 100644
index 00000000000..915c9ddf03c
--- /dev/null
+++ b/tests/integration/targets/elasticache/tasks/main.yml
@@ -0,0 +1,134 @@
+---
+
+- name: Integration testing for the elasticache module
+ module_defaults:
+ group/aws:
+ aws_access_key: '{{ aws_access_key }}'
+ aws_secret_key: '{{ aws_secret_key }}'
+ security_token: '{{ security_token | default(omit) }}'
+ region: '{{ aws_region }}'
+ collections:
+ - amazon.aws
+ block:
+ # == Dependency setup ==
+
+ - name: Create VPC to launch Elasticache instances into
+ ec2_vpc_net:
+ name: "{{ vpc_name }}"
+ cidr_block: "{{ vpc_cidr_prefix }}.0.0/16"
+ state: present
+ register: elasticache_vpc
+
+ - name: Create subnet 1 in this VPC to launch Elasticache instances into
+ ec2_vpc_subnet:
+ vpc_id: "{{ elasticache_vpc.vpc.id }}"
+ cidr: "{{ vpc_cidr_prefix }}.1.0/24"
+ state: present
+ register: elasticache_vpc_subnet_1
+
+ - name: Create subnet 2 in this VPC to launch Elasticache instances into
+ ec2_vpc_subnet:
+ vpc_id: "{{ elasticache_vpc.vpc.id }}"
+ cidr: "{{ vpc_cidr_prefix }}.2.0/24"
+ state: present
+ register: elasticache_vpc_subnet_2
+
+ - name: Create Elasticache Subnet Group (grouping two subnets together)
+ elasticache_subnet_group:
+ name: "{{ elasticache_subnet_group_name }}"
+ description: Subnet group grouping together both VPC subnets for Elasticache Test setup
+ subnets:
+ - "{{ elasticache_vpc_subnet_1.subnet.id }}"
+ - "{{ elasticache_vpc_subnet_2.subnet.id }}"
+ state: present
+
+ # == Actual testing of the elasticache module ==
+
+ - name: Create Redis Server on Elasticache in VPC subnets
+ elasticache:
+ name: "{{ elasticache_redis_test_name }}"
+ engine: redis
+ node_type: cache.t3.micro
+ cache_port: "{{ elasticache_redis_port }}"
+ cache_subnet_group: "{{ elasticache_subnet_group_name }}"
+ num_nodes: 1
+ state: present
+ register: elasticache_redis
+
+ - name: Assert that task worked
+ assert:
+ that:
+ - elasticache_redis is changed
+ - elasticache_redis.elasticache.data is defined
+ - elasticache_redis.elasticache.name == "{{ elasticache_redis_test_name }}"
+ - elasticache_redis.elasticache.data.CacheSubnetGroupName == "{{ elasticache_subnet_group_name }}"
+
+ - name: Add security group for Redis access in Elasticache
+ ec2_group:
+ name: "{{ elasticache_redis_sg_name }}"
+ description: Allow access to Elasticache Redis for testing EC module
+ vpc_id: "{{ elasticache_vpc.vpc.id }}"
+ rules:
+ - proto: tcp
+ from_port: "{{ elasticache_redis_port }}"
+ to_port: "{{ elasticache_redis_port }}"
+ cidr_ip: 10.31.0.0/16
+ register: elasticache_redis_sg
+
+ - name: Update Redis Elasticache config with security group (to if changes to existing setup work)
+ elasticache:
+ name: "{{ elasticache_redis.elasticache.name }}"
+ engine: redis
+ node_type: cache.t3.micro
+ num_nodes: 1
+ cache_port: "{{ elasticache_redis_port }}"
+ cache_subnet_group: "{{ elasticache_subnet_group_name }}"
+ security_group_ids: "{{ elasticache_redis_sg.group_id }}"
+ state: present
+ register: elasticache_redis_new
+
+ - name: Assert that task worked
+ assert:
+ that:
+ - elasticache_redis_new is changed
+ - elasticache_redis_new.elasticache.data is defined
+ - elasticache_redis_new.elasticache.data.Engine == "redis"
+ - elasticache_redis_new.elasticache.data.SecurityGroups.0.SecurityGroupId == elasticache_redis_sg.group_id
+
+ always:
+
+ # == Cleanup ==
+
+ - name: Make sure test Redis is deleted again from Elasticache
+ elasticache:
+ name: "{{ elasticache_redis_test_name }}"
+ engine: redis
+ state: absent
+
+ - name: Make sure Elasticache Subnet group is deleted again
+ elasticache_subnet_group:
+ name: "{{ elasticache_subnet_group_name }}"
+ state: absent
+
+ - name: Make sure Redis Security Group is deleted again
+ ec2_group:
+ name: "{{ elasticache_redis_sg_name }}"
+ state: absent
+
+ - name: Make sure VPC subnet 1 is deleted again
+ ec2_vpc_subnet:
+ vpc_id: "{{ elasticache_vpc.vpc.id }}"
+ cidr: "{{ vpc_cidr_prefix }}.1.0/24"
+ state: absent
+
+ - name: Make sure VPC subnet 2 is deleted again
+ ec2_vpc_subnet:
+ vpc_id: "{{ elasticache_vpc.vpc.id }}"
+ cidr: "{{ vpc_cidr_prefix }}.2.0/24"
+ state: absent
+
+ - name: Make sure VPC is deleted again (only works if subnets were deleted)
+ ec2_vpc_net:
+ name: "{{ vpc_name }}"
+ cidr_block: "{{ vpc_cidr_prefix }}.0.0/16"
+ state: absent
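Review bot: The ingress rule in the `ec2_group` task hard-codes `cidr_ip: 10.31.0.0/16`, while the VPC is created with `cidr_block: "{{ vpc_cidr_prefix }}.0.0/16"` and `vpc_cidr_prefix` is a seeded random `10.N`, so the rule opens the Redis port to a range that will usually not be the test VPC. Deriving it from the same variable, `cidr_ip: "{{ vpc_cidr_prefix }}.0.0/16"`, keeps the rule scoped to the network the test owns. Separately, the cleanup tasks under `always` carry no `ignore_errors: true`, so a failed cluster deletion would, as far as this hunk shows, stop the remaining teardown and leave the security group, subnets and VPC behind in the account.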