DAX Cluster Not Encrypted
- Query id: e5849a68-bdbe-4b70-97c6-6901f39f8094
- Query name: DAX Cluster Not Encrypted
- Platform: CloudFormation
- Severity: High
- Category: Encryption
- CWE: 311
- Risk score: 6.0
- URL: Github
Description
AWS DAX clusters should have server-side encryption at rest enabled (SSESpecification.SSEEnabled set to true)
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
AWSTemplateFormatVersion: "2010-09-09"
Description: "Create a DAX cluster"
Resources:
  daxCluster:
    Type: AWS::DAX::Cluster
    Properties:
      SSESpecification:
        SSEEnabled: false
      ClusterName: "MyDAXCluster"
      NodeType: "dax.r3.large"
      ReplicationFactor: 1
      IAMRoleARN: "arn:aws:iam::111122223333:role/DaxAccess"
      Description: "DAX cluster created with CloudFormation"
Positive test num. 2 - yaml file
AWSTemplateFormatVersion: "2010-09-09"
Description: "Create a DAX cluster"
Resources:
  daxCluster:
    Type: AWS::DAX::Cluster
    Properties:
      SSESpecification:
        SSEEnabled: "false"
      ClusterName: "MyDAXCluster"
      NodeType: "dax.r3.large"
      ReplicationFactor: 1
      IAMRoleARN: "arn:aws:iam::111122223333:role/DaxAccess"
      Description: "DAX cluster created with CloudFormation"
Positive test num. 3 - yaml file
AWSTemplateFormatVersion: "2010-09-09"
Description: "Create a DAX cluster"
Resources:
  daxCluster:
    Type: AWS::DAX::Cluster
    Properties:
      SSESpecification: "no_SSEEnabled"
      ClusterName: "MyDAXCluster"
      NodeType: "dax.r3.large"
      ReplicationFactor: 1
      IAMRoleARN: "arn:aws:iam::111122223333:role/DaxAccess"
      Description: "DAX cluster created with CloudFormation"
Positive test num. 4 - yaml file
AWSTemplateFormatVersion: "2010-09-09"
Description: "Create a DAX cluster"
Resources:
  daxCluster:
    Type: AWS::DAX::Cluster
    Properties:
      ClusterName: "MyDAXCluster"
      NodeType: "dax.r3.large"
      ReplicationFactor: 1
      IAMRoleARN: "arn:aws:iam::111122223333:role/DaxAccess"
      Description: "DAX cluster created with CloudFormation"
Positive test num. 5 - json file
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Create a DAX cluster",
  "Resources": {
    "daxCluster": {
      "Type": "AWS::DAX::Cluster",
      "Properties": {
        "SSESpecification": {
          "SSEEnabled": false
        },
        "ClusterName": "MyDAXCluster",
        "NodeType": "dax.r3.large",
        "ReplicationFactor": 1,
        "IAMRoleARN": "arn:aws:iam::111122223333:role/DaxAccess",
        "Description": "DAX cluster created with CloudFormation"
      }
    }
  }
}
Positive test num. 6 - json file
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Create a DAX cluster",
  "Resources": {
    "daxCluster": {
      "Type": "AWS::DAX::Cluster",
      "Properties": {
        "SSESpecification": {
          "SSEEnabled": "false"
        },
        "ClusterName": "MyDAXCluster",
        "NodeType": "dax.r3.large",
        "ReplicationFactor": 1,
        "IAMRoleARN": "arn:aws:iam::111122223333:role/DaxAccess",
        "Description": "DAX cluster created with CloudFormation"
      }
    }
  }
}
Positive test num. 7 - json file
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Create a DAX cluster",
  "Resources": {
    "daxCluster": {
      "Type": "AWS::DAX::Cluster",
      "Properties": {
        "SSESpecification": {},
        "ClusterName": "MyDAXCluster",
        "NodeType": "dax.r3.large",
        "ReplicationFactor": 1,
        "IAMRoleARN": "arn:aws:iam::111122223333:role/DaxAccess",
        "Description": "DAX cluster created with CloudFormation"
      }
    }
  }
}
Positive test num. 8 - json file
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Create a DAX cluster",
  "Resources": {
    "daxCluster": {
      "Type": "AWS::DAX::Cluster",
      "Properties": {
        "ClusterName": "MyDAXCluster",
        "NodeType": "dax.r3.large",
        "ReplicationFactor": 1,
        "IAMRoleARN": "arn:aws:iam::111122223333:role/DaxAccess",
        "Description": "DAX cluster created with CloudFormation"
      }
    }
  }
}
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
AWSTemplateFormatVersion: "2010-09-09"
Description: "Create a DAX cluster"
Resources:
  daxCluster:
    Type: AWS::DAX::Cluster
    Properties:
      SSESpecification:
        SSEEnabled: true
      ClusterName: "MyDAXCluster"
      NodeType: "dax.r3.large"
      ReplicationFactor: 1
      IAMRoleARN: "arn:aws:iam::111122223333:role/DaxAccess"
      Description: "DAX cluster created with CloudFormation"
Negative test num. 2 - yaml file
AWSTemplateFormatVersion: "2010-09-09"
Description: "Create a DAX cluster"
Resources:
  daxCluster:
    Type: AWS::DAX::Cluster
    Properties:
      SSESpecification:
        SSEEnabled: "true"
      ClusterName: "MyDAXCluster"
      NodeType: "dax.r3.large"
      ReplicationFactor: 1
      IAMRoleARN: "arn:aws:iam::111122223333:role/DaxAccess"
      Description: "DAX cluster created with CloudFormation"
Negative test num. 3 - json file
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Create a DAX cluster",
  "Resources": {
    "daxCluster": {
      "Type": "AWS::DAX::Cluster",
      "Properties": {
        "SSESpecification": {
          "SSEEnabled": true
        },
        "ClusterName": "MyDAXCluster",
        "NodeType": "dax.r3.large",
        "ReplicationFactor": 1,
        "IAMRoleARN": "arn:aws:iam::111122223333:role/DaxAccess",
        "Description": "DAX cluster created with CloudFormation"
      }
    }
  }
}
Negative test num. 4 - json file
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Create a DAX cluster",
  "Resources": {
    "daxCluster": {
      "Type": "AWS::DAX::Cluster",
      "Properties": {
        "SSESpecification": {
          "SSEEnabled": "true"
        },
        "ClusterName": "MyDAXCluster",
        "NodeType": "dax.r3.large",
        "ReplicationFactor": 1,
        "IAMRoleARN": "arn:aws:iam::111122223333:role/DaxAccess",
        "Description": "DAX cluster created with CloudFormation"
      }
    }
  }
}
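
The cases in the samples above (missing SSESpecification, SSESpecification without SSEEnabled, and SSEEnabled given as a boolean or a string) can be checked with a short Python function over a parsed template. This is an added example, not the query's own implementation; the function name check_dax_sse, the reason strings and the sample template are constructed here, and it goes slightly beyond the samples by reporting intrinsic-function values as unresolved.

```python
import json

def check_dax_sse(template):
    """Return {logical_id: reason} for every AWS::DAX::Cluster without SSE at rest."""
    findings = {}
    for name, res in (template.get("Resources") or {}).items():
        if not isinstance(res, dict) or res.get("Type") != "AWS::DAX::Cluster":
            continue
        spec = (res.get("Properties") or {}).get("SSESpecification")
        if spec is None:
            findings[name] = "SSESpecification is not defined"
        elif not isinstance(spec, dict) or "SSEEnabled" not in spec:
            findings[name] = "SSESpecification.SSEEnabled is not defined"
        elif isinstance(spec["SSEEnabled"], dict):
            # Fn::If / Ref cannot be evaluated statically; report for manual review.
            findings[name] = "SSEEnabled is an unresolved intrinsic function"
        elif str(spec["SSEEnabled"]).strip().lower() != "true":
            # Accepts boolean true and the string "true"; everything else fails.
            findings[name] = "SSESpecification.SSEEnabled is not true"
    return findings

# Constructed sample template (not from the page): one resource per case.
SAMPLE = json.loads("""
{"Resources": {
  "encrypted":   {"Type": "AWS::DAX::Cluster",
                  "Properties": {"SSESpecification": {"SSEEnabled": "true"}}},
  "boolFalse":   {"Type": "AWS::DAX::Cluster",
                  "Properties": {"SSESpecification": {"SSEEnabled": false}}},
  "stringFalse": {"Type": "AWS::DAX::Cluster",
                  "Properties": {"SSESpecification": {"SSEEnabled": "false"}}},
  "emptySpec":   {"Type": "AWS::DAX::Cluster",
                  "Properties": {"SSESpecification": {}}},
  "noSpec":      {"Type": "AWS::DAX::Cluster",
                  "Properties": {"ClusterName": "MyDAXCluster"}},
  "conditional": {"Type": "AWS::DAX::Cluster",
                  "Properties": {"SSESpecification":
                                 {"SSEEnabled": {"Fn::If": ["IsProd", true, false]}}}},
  "table":       {"Type": "AWS::DynamoDB::Table", "Properties": {}}
}}
""")

if __name__ == "__main__":
    for logical_id, reason in check_dax_sse(SAMPLE).items():
        print(f"{logical_id}: {reason}")
```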