ElastiCache Nodes Not Created Across Multi AZ

  • Query id: cfdef2e5-1fe4-4ef4-bea8-c56e08963150
  • Query name: ElastiCache Nodes Not Created Across Multi AZ
  • Platform: CloudFormation
  • Severity: Medium
  • Category: Availability
  • CWE: 284
  • URL: Github

Description

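ElastiCache nodes should be created across multiple Availability Zones, which means 'AZMode' should be set to 'cross-az' in a cluster with multiple nodes. The rule also flags a multi-node cluster that omits 'AZMode' entirely.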

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  myCacheCluster3:
    Type: 'AWS::ElastiCache::CacheCluster'
    Properties:
      AZMode: single-az
      CacheNodeType: cache.m3.medium
      Engine: memcached
      NumCacheNodes: '3'
      PreferredAvailabilityZones:
        - us-west-2a
        - us-west-2a
        - us-west-2b
Positive test num. 2 - yaml file
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  myCacheCluster4:
    Type: 'AWS::ElastiCache::CacheCluster'
    Properties:
      CacheNodeType: cache.m3.medium
      Engine: memcached
      NumCacheNodes: '3'
      PreferredAvailabilityZones:
        - us-west-2a
        - us-west-2a
        - us-west-2b
Positive test num. 3 - json file
{
  "Resources": {
    "myCacheCluster5": {
      "Type": "AWS::ElastiCache::CacheCluster",
      "Properties": {
        "AZMode": "single-az",
        "CacheNodeType": "cache.m3.medium",
        "Engine": "memcached",
        "NumCacheNodes": "3",
        "PreferredAvailabilityZones": [
          "us-west-2a",
          "us-west-2a",
          "us-west-2b"
        ]
      }
    }
  }
}

Positive test num. 4 - json file
{
  "Resources": {
    "myCacheCluster6": {
      "Type": "AWS::ElastiCache::CacheCluster",
      "Properties": {
        "CacheNodeType": "cache.m3.medium",
        "Engine": "memcached",
        "NumCacheNodes": "3",
        "PreferredAvailabilityZones": [
          "us-west-2a",
          "us-west-2a",
          "us-west-2b"
        ]
      }
    }
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  myCacheCluster:
    Type: 'AWS::ElastiCache::CacheCluster'
    Properties:
      AZMode: cross-az
      CacheNodeType: cache.m3.medium
      Engine: memcached
      NumCacheNodes: '3'
      PreferredAvailabilityZones:
        - us-west-2a
        - us-west-2a
        - us-west-2b
Negative test num. 2 - json file
{
  "Resources": {
    "myCacheCluster2": {
      "Type": "AWS::ElastiCache::CacheCluster",
      "Properties": {
        "AZMode": "cross-az",
        "CacheNodeType": "cache.m3.medium",
        "Engine": "memcached",
        "NumCacheNodes": "3",
        "PreferredAvailabilityZones": [
          "us-west-2a",
          "us-west-2a",
          "us-west-2b"
        ]
      }
    }
  }
}
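One way to implement this check over JSON templates, as an added example (not the query's own code). It assumes "multi-node" means NumCacheNodes greater than 1; the function names and the `singleNode` resource are hypothetical, and the sample input is constructed from the resources shown above.

```python
import json

CLUSTER_TYPE = "AWS::ElastiCache::CacheCluster"

def node_count(value):
    """Return NumCacheNodes as an int, or None if it is not a literal (e.g. a Ref)."""
    if isinstance(value, bool):
        return None
    if isinstance(value, int):
        return value
    if isinstance(value, str) and value.strip().isdigit():
        return int(value)
    return None

def find_single_az_clusters(template_text):
    """Return (logical_id, reason) for each multi-node cluster not set to cross-az."""
    template = json.loads(template_text)
    findings = []
    for name, resource in (template.get("Resources") or {}).items():
        if not isinstance(resource, dict) or resource.get("Type") != CLUSTER_TYPE:
            continue
        props = resource.get("Properties") or {}
        count = node_count(props.get("NumCacheNodes"))
        if count is None or count < 2:
            continue  # single node, or a count that cannot be resolved statically
        az_mode = props.get("AZMode")
        if az_mode is None:
            findings.append((name, "AZMode is undefined"))
        elif isinstance(az_mode, str) and az_mode != "cross-az":
            findings.append((name, f"AZMode is {az_mode!r}"))
    return findings

# Constructed input: the page's JSON sample resources plus one hypothetical single-node cluster.
SAMPLE = json.dumps({"Resources": {
    "myCacheCluster5": {"Type": CLUSTER_TYPE, "Properties": {
        "AZMode": "single-az", "Engine": "memcached", "NumCacheNodes": "3"}},
    "myCacheCluster6": {"Type": CLUSTER_TYPE, "Properties": {
        "Engine": "memcached", "NumCacheNodes": "3"}},
    "myCacheCluster2": {"Type": CLUSTER_TYPE, "Properties": {
        "AZMode": "cross-az", "Engine": "memcached", "NumCacheNodes": "3"}},
    "singleNode": {"Type": CLUSTER_TYPE, "Properties": {  # hypothetical resource
        "Engine": "memcached", "NumCacheNodes": 1}},
}})

if __name__ == "__main__":
    for logical_id, reason in find_single_az_clusters(SAMPLE):
        print(f"{logical_id}: {reason}")
```

An `AZMode` or `NumCacheNodes` given as an intrinsic function is skipped rather than flagged, since its value is only known at deploy time.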