BOM - AWS Elasticache

  • Query id: c689f51b-9203-43b3-9d8b-caed123f706c
  • Query name: BOM - AWS Elasticache
  • Platform: CloudFormation
  • Severity: Trace
  • Category: Bill Of Materials
  • CWE: Ongoing
  • URL: Github

Description

This query lists the ElastiCache resources found in the scanned template. It is a Bill of Materials query reported at Trace severity: the matches are an inventory of what the template deploys, not vulnerabilities in themselves. Amazon ElastiCache is a fully managed, in-memory caching service supporting flexible, real-time use cases. You can use ElastiCache for caching, which accelerates application and database performance, or as a primary data store for use cases that don't require durability, such as session stores, gaming leaderboards, streaming, and analytics. ElastiCache is compatible with Redis and Memcached.
Documentation
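As an added example (not KICS code), the following standard-library Python performs the same inventory on a JSON CloudFormation template: it collects every resource whose Type is in the AWS::ElastiCache:: namespace and collapses Ref intrinsics to their logical ids so the bill of materials shows which security group a cluster points at. The template is constructed here and is not one of the query's test samples.

```python
import json

# Only resource types in the ElastiCache namespace belong in this bill of materials.
ELASTICACHE_PREFIX = "AWS::ElastiCache::"

# Constructed template (not from the page): one ElastiCache cluster plus its
# cache security group, and a CloudFront distribution that must not be listed.
SAMPLE_TEMPLATE = json.dumps({
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "ElasticacheCluster": {
            "Type": "AWS::ElastiCache::CacheCluster",
            "Properties": {
                "CacheNodeType": "cache.m3.medium",
                "Engine": "memcached",
                "NumCacheNodes": "1",
                "CacheSecurityGroupNames": [{"Ref": "CacheSecurityGroup"}],
            },
        },
        "CacheSecurityGroup": {
            "Type": "AWS::ElastiCache::SecurityGroup",
            "Properties": {"Description": "constructed example"},
        },
        "myDistribution": {
            "Type": "AWS::CloudFront::Distribution",
            "Properties": {"DistributionConfig": {"Enabled": "true"}},
        },
    },
})

def resolve(value):
    """Collapse {"Ref": "X"} intrinsics to the logical id X; recurse into dicts and lists."""
    if isinstance(value, dict):
        if set(value) == {"Ref"}:
            return value["Ref"]
        return {k: resolve(v) for k, v in value.items()}
    if isinstance(value, list):
        return [resolve(v) for v in value]
    return value

def elasticache_bom(template_text):
    """Return [(logical_id, type, properties)] for every ElastiCache resource, in template order."""
    resources = json.loads(template_text).get("Resources", {})
    return [
        (name, res["Type"], resolve(res.get("Properties", {})))
        for name, res in resources.items()
        if isinstance(res, dict) and str(res.get("Type", "")).startswith(ELASTICACHE_PREFIX)
    ]
```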

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
Resources:
  ElasticacheCluster:
    Type: 'AWS::ElastiCache::CacheCluster'
    Properties:
      Engine: memcached
      CacheNodeType: cache.t2.micro
      NumCacheNodes: '1'
      CacheSubnetGroupName: default
      CacheSecurityGroupNames:
        - !Ref CacheSecurityGroup
  CacheSecurityGroup:
    Type: AWS::ElastiCache::SecurityGroup
    Properties:
      Description: My ElastiCache Security Group
  SecurityGroupIngress:
    Type: AWS::ElastiCache::SecurityGroupIngress
    Properties:
      CacheSecurityGroupName: !Ref CacheSecurityGroup
      EC2SecurityGroupName: !Ref SecurityGroup
  SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow http to client host
      VpcId: !Ref myVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
      SecurityGroupEgress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
Positive test num. 2 - json file
{
  "Resources": {
    "ElasticacheCluster": {
      "Type": "AWS::ElastiCache::CacheCluster",
      "Properties": {
          "CacheNodeType": "cache.m3.medium",
          "Engine": "memcached",
          "NumCacheNodes": "1",
          "CacheSubnetGroupName": "default"
      }
    }
  }
}
Positive test num. 3 - yaml file
Resources:
  ElasticacheCluster:
    Type: 'AWS::ElastiCache::CacheCluster'
    Properties:
      Engine: memcached
      CacheNodeType: cache.t2.micro
      NumCacheNodes: '1'
      CacheSubnetGroupName: default
      CacheSecurityGroupNames:
        - !Ref CacheSecurityGroup2
  CacheSecurityGroup2:
    Type: AWS::ElastiCache::SecurityGroup
    Properties:
      Description: My ElastiCache Security Group
  SecurityGroupIngress2:
    Type: AWS::ElastiCache::SecurityGroupIngress
    Properties:
      CacheSecurityGroupName: !Ref CacheSecurityGroup2
      EC2SecurityGroupName: !Ref SecurityGroup2
  SecurityGroup2:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow http to client host
      VpcId: !Ref myVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 1.2.3.4/28

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  myDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Enabled: true
Negative test num. 2 - json file
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "myDistribution": {
      "Type": "AWS::CloudFront::Distribution",
      "Properties": {
        "DistributionConfig": {
          "Enabled": "true"
        }
      }
    }
  }
}