ElastiCache Nodes Not Created Across Multi AZ
- Query id: cfdef2e5-1fe4-4ef4-bea8-c56e08963150
- Query name: ElastiCache Nodes Not Created Across Multi AZ
- Platform: CloudFormation
- Severity: Medium
- Category: Availability
- CWE: 284
- URL: Github
Description¶
ElastiCache Nodes should be created across multi az, which means 'AZMode' should be set to 'cross-az' in multi nodes cluster
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
AWSTemplateFormatVersion: "2010-09-09"
Resources:
myCacheCluster3:
Type: 'AWS::ElastiCache::CacheCluster'
Properties:
AZMode: single-az
CacheNodeType: cache.m3.medium
Engine: memcached
NumCacheNodes: '3'
PreferredAvailabilityZones:
- us-west-2a
- us-west-2a
- us-west-2b
Positive test num. 2 - yaml file
AWSTemplateFormatVersion: "2010-09-09"
Resources:
myCacheCluster4:
Type: 'AWS::ElastiCache::CacheCluster'
Properties:
CacheNodeType: cache.m3.medium
Engine: memcached
NumCacheNodes: '3'
PreferredAvailabilityZones:
- us-west-2a
- us-west-2a
- us-west-2b
Positive test num. 3 - json file
{
"Resources": {
"myCacheCluster5": {
"Type": "AWS::ElastiCache::CacheCluster",
"Properties": {
"AZMode": "single-az",
"CacheNodeType": "cache.m3.medium",
"Engine": "memcached",
"NumCacheNodes": "3",
"PreferredAvailabilityZones": [
"us-west-2a",
"us-west-2a",
"us-west-2b"
]
}
}
}
}
Positive test num. 4 - json file
Code samples without security vulnerabilities¶
Negative test num. 1 - yaml file
AWSTemplateFormatVersion: "2010-09-09"
Resources:
myCacheCluster:
Type: 'AWS::ElastiCache::CacheCluster'
Properties:
AZMode: cross-az
CacheNodeType: cache.m3.medium
Engine: memcached
NumCacheNodes: '3'
PreferredAvailabilityZones:
- us-west-2a
- us-west-2a
- us-west-2b
Negative test num. 2 - json file
{
"Resources": {
"myCacheCluster2": {
"Type": "AWS::ElastiCache::CacheCluster",
"Properties": {
"AZMode": "cross-az",
"CacheNodeType": "cache.m3.medium",
"Engine": "memcached",
"NumCacheNodes": "3",
"PreferredAvailabilityZones": [
"us-west-2a",
"us-west-2a",
"us-west-2b"
]
}
}
}
}