ElastiCache Replication Group Not Encrypted At Rest
- Query id: 76976de7-c7b1-4f64-a94f-90c1345914c2
- Query name: ElastiCache Replication Group Not Encrypted At Rest
- Platform: Terraform
- Severity: Medium
- Category: Encryption
- URL: Github
Description¶
ElastiCache Replication Group encryption should be enabled at Rest
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Postitive test num. 1 - tf file
resource "aws_elasticache_replication_group" "example" {
automatic_failover_enabled = true
availability_zones = ["us-west-2a", "us-west-2b"]
replication_group_id = "tf-rep-group-1"
replication_group_description = "test description"
node_type = "cache.m4.large"
number_cache_clusters = 2
port = 6379
}
Postitive test num. 2 - tf file
resource "aws_elasticache_replication_group" "example2" {
automatic_failover_enabled = true
availability_zones = ["us-west-2a", "us-west-2b"]
replication_group_id = "tf-rep-group-1"
replication_group_description = "test description"
node_type = "cache.m4.large"
number_cache_clusters = 2
port = 6379
at_rest_encryption_enabled = false
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "aws_elasticache_replication_group" "example3" {
automatic_failover_enabled = true
availability_zones = ["us-west-2a", "us-west-2b"]
replication_group_id = "tf-rep-group-1"
replication_group_description = "test description"
node_type = "cache.m4.large"
number_cache_clusters = 2
port = 6379
at_rest_encryption_enabled = true
}