daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/cloud/aws/elasticache/cache-redis-multiaz-disable...

60 lines
2.0 KiB
YAML
Raw Blame History

id: cache-redis-multiaz-disabled
info:
name: ElastiCache Redis Multi-AZ - Disabled
author: DhiyaneshDK
severity: medium
description: |
Ensure that your Amazon ElastiCache Redis cache clusters are using a Multi-AZ deployment configuration to enhance reliability through automatic failover.
impact: |
Disabling ElastiCache Redis Multi-AZ can lead to data loss and increased downtime in the event of a primary node failure, as failover to a secondary node in a different availability zone will not occur automatically.
remediation: |
Enable Multi-AZ replication in the ElastiCache Redis settings or create a new cluster with Multi-AZ enabled to ensure high availability.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/ElastiCache/elasticache-multi-az.html
- https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/WhatIs.Components.html
tags: cloud,devops,aws,amazon,elasticache,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let ReplicationGroupId of iterate(template.replicationgroupids)){
set("replicationgroup", ReplicationGroupId)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws elasticache describe-replication-groups --region $region --output json --query 'ReplicationGroups[*].ReplicationGroupId'
extractors:
- type: json
name: replicationgroupids
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws elasticache describe-replication-groups --region $region --replication-group-id $replicationgroup --query 'ReplicationGroups[*].MultiAZ'
matchers:
- type: word
words:
- 'disabled'
extractors:
- type: dsl
dsl:
- 'replicationgroup + " ElastiCache Redis Multi-AZ is Disabled"'
# digest: 4a0a0047304502204301e43ac045c6186aedb2a1a074610422c2002d90876cf4ac2d3402436911b6022100b9868d4c62014154ed9d7f27e2aa4282e365d89ee6795b2f192a11c9e74505e8:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink