BOM - AWS Elasticache
- Query id: c689f51b-9203-43b3-9d8b-caed123f706c
- Query name: BOM - AWS Elasticache
- Platform: CloudFormation
- Severity: Trace
- Category: Bill Of Materials
- CWE: Ongoing
- URL: Github
Description
A list of Elasticache resources found. Amazon ElastiCache is a fully managed, in-memory caching service supporting flexible, real-time use cases. You can use ElastiCache for caching, which accelerates application and database performance, or as a primary data store for use cases that don't require durability like session stores, gaming leaderboards, streaming, and analytics. ElastiCache is compatible with Redis and Memcached.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
Resources:
  ElasticacheCluster:
    Type: 'AWS::ElastiCache::CacheCluster'
    Properties:
      Engine: memcached
      CacheNodeType: cache.t2.micro
      NumCacheNodes: '1'
      CacheSubnetGroupName: default
      CacheSecurityGroupNames:
        - !Ref CacheSecurityGroup
  CacheSecurityGroup:
    Type: AWS::ElastiCache::SecurityGroup
    Properties:
      Description: My ElastiCache Security Group
  SecurityGroupIngress:
    Type: AWS::ElastiCache::SecurityGroupIngress
    Properties:
      CacheSecurityGroupName: !Ref CacheSecurityGroup
      EC2SecurityGroupName: !Ref SecurityGroup
  SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow http to client host
      VpcId: !Ref myVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
      SecurityGroupEgress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
```
Positive test num. 2 - json file
```json
{
  "Resources": {
    "ElasticacheCluster": {
      "Type": "AWS::ElastiCache::CacheCluster",
      "Properties": {
        "CacheNodeType": "cache.m3.medium",
        "Engine": "memcached",
        "NumCacheNodes": "1",
        "CacheSubnetGroupName": "default"
      }
    }
  }
}
```
Positive test num. 3 - yaml file
```yaml
Resources:
  ElasticacheCluster:
    Type: 'AWS::ElastiCache::CacheCluster'
    Properties:
      Engine: memcached
      CacheNodeType: cache.t2.micro
      NumCacheNodes: '1'
      CacheSubnetGroupName: default
      CacheSecurityGroupNames:
        - !Ref CacheSecurityGroup2
  CacheSecurityGroup2:
    Type: AWS::ElastiCache::SecurityGroup
    Properties:
      Description: My ElastiCache Security Group
  SecurityGroupIngress2:
    Type: AWS::ElastiCache::SecurityGroupIngress
    Properties:
      CacheSecurityGroupName: !Ref CacheSecurityGroup2
      EC2SecurityGroupName: !Ref SecurityGroup2
  SecurityGroup2:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow http to client host
      VpcId: !Ref myVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 1.2.3.4/28
```