ElastiCache Redis Cluster Without Backup
- Query id: 8fdb08a0-a868-4fdf-9c27-ccab0237f1ab
- Query name: ElastiCache Redis Cluster Without Backup
- Platform: Terraform
- Severity: Medium
- Category: Backup
- CWE: 754
- URL: Github
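Description
ElastiCache Redis clusters should have 'snapshot_retention_limit' set to a value higher than 0. When the attribute is omitted or set to 0, automatic backups are turned off for the cluster.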
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
# Flagged: snapshot_retention_limit is not set.
resource "aws_elasticache_cluster" "positive1" {
  cluster_id = "cluster"
  engine = "redis"
  node_type = "cache.m5.large"
  num_cache_nodes = 1
  parameter_group_name = aws_elasticache_parameter_group.default.id
}

# Flagged: snapshot_retention_limit is explicitly 0.
resource "aws_elasticache_cluster" "positive2" {
  cluster_id = "cluster"
  engine = "redis"
  node_type = "cache.m5.large"
  num_cache_nodes = 1
  parameter_group_name = aws_elasticache_parameter_group.default.id
  snapshot_retention_limit = 0
}

resource "aws_elasticache_parameter_group" "default" {
  name = "cache-params"
  family = "redis2.8"

  parameter {
    name = "activerehashing"
    value = "yes"
  }

  parameter {
    name = "min-slaves-to-write"
    value = "2"
  }
}
Code samples without security vulnerabilities
Negative test num. 1 - tf file
# Not flagged: snapshots are retained for 5 days.
resource "aws_elasticache_cluster" "negative1" {
  cluster_id = "cluster"
  engine = "redis"
  node_type = "cache.m5.large"
  num_cache_nodes = 1
  parameter_group_name = aws_elasticache_parameter_group.default.id
  snapshot_retention_limit = 5
}

resource "aws_elasticache_parameter_group" "default" {
  name = "cache-params"
  family = "redis2.8"

  parameter {
    name = "activerehashing"
    value = "yes"
  }

  parameter {
    name = "min-slaves-to-write"
    value = "2"
  }
}
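Added example (not part of the original page and not the query's own code): the same check applied to the JSON that `terraform show -json <planfile>` prints, so it also covers clusters declared inside modules. The function names, the embedded plan, and the `sessions`, `nested` and `module.cache` entries are constructed for illustration; restricting the check to engine "redis" is an assumption taken from the query name.

```python
import json

# Constructed sample, trimmed to the fields used here; the layout follows the
# planned_values section of `terraform show -json` output.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "aws_elasticache_cluster.positive1", "type": "aws_elasticache_cluster",
     "values": {"engine": "redis", "snapshot_retention_limit": null}},
    {"address": "aws_elasticache_cluster.positive2", "type": "aws_elasticache_cluster",
     "values": {"engine": "redis", "snapshot_retention_limit": 0}},
    {"address": "aws_elasticache_cluster.negative1", "type": "aws_elasticache_cluster",
     "values": {"engine": "redis", "snapshot_retention_limit": 5}},
    {"address": "aws_elasticache_cluster.sessions", "type": "aws_elasticache_cluster",
     "values": {"engine": "memcached", "snapshot_retention_limit": null}}
  ],
  "child_modules": [{"address": "module.cache", "resources": [
    {"address": "module.cache.aws_elasticache_cluster.nested", "type": "aws_elasticache_cluster",
     "values": {"engine": "redis"}}
  ]}]
}}}
""")


def iter_resources(module):
    """Yield the resources of a module and, recursively, of its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def clusters_without_backup(plan):
    """Return addresses of Redis clusters whose retention limit is unset, null or 0."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        values = res.get("values") or {}
        if res.get("type") != "aws_elasticache_cluster" or values.get("engine") != "redis":
            continue  # other resource types and non-Redis engines are out of scope
        limit = values.get("snapshot_retention_limit")
        # A missing key and an explicit null both mean the attribute was never set.
        if not isinstance(limit, int) or limit <= 0:
            findings.append(res["address"])
    return findings


if __name__ == "__main__":
    for address in clusters_without_backup(SAMPLE_PLAN):
        print(f"{address}: snapshot_retention_limit must be higher than 0")
```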